Full Disclosure mailing list archives

Re: RE: Re: Bad news on RPC DCOM vulnerability

From: webheadport80 () netscape net
Date: Mon, 13 Oct 2003 10:29:53 -0400

I've tried it on a couple of ms03-039 patched w2k boxes and it didn't DoS the RPC service like it did on my 
w2k-unpatched box.  Are you saying that you've gotten it to kill the RPC service on a ms03-039 patched machine 
(particularily, w2k)?

During my ms03-039 w2k tests, the exploit runs for several seconds then stops with a status of ~5000 but it doesn't 
kill the RPC.

The reason I'd like confirmation is that my Microsoft corp contact told me that Microsoft, back in Redmond, said this 
exploit doesn't work on ms03-039...  I'd like to confirm/deny this claim.  Especially, since they haven't updated their 
sec bulletin on ms03-039 for this vulnerability.

Any feedback from folks who have successfully gotten this exploit to work on a PATCHED ms03-039 w2k box would be 
GREATLY APPRECIATED!!!

Thanks,
WebHead


======================================================
This code doesn't work without shellcode. The simple version of a "battle" shellcode can be found here:

http://www.SecurityLab.ru/_exploits/bshell2 (add user 'a' with pass 'a' in administrator group)

You can change this shellcode as you need.

On system with MS03-39 installed, this code only crash systems, because nature of new vulnerability is not known.

See more: http://www.securitylab.ru/40757.html

 

----- Original Message ----- 
From: Mike Gordon 
To: full-disclosure () lists netsys com 
Sent: Monday, October 13, 2003 1:41 AM
Subject: [Full-disclosure] RE: Re: Bad news on RPC DCOM vulnerability


A compiled version is found at http://www.SecurityLab.ru/_exploits/rpc3.zip 
But it seems to only crash systems. 

Does any one have a clean complile of the "better code" from http://www.cyberphreak.ch/sploitz/MS03-039.txt 


__________________________________________________________________
McAfee VirusScan Online from the Netscape Network.
Comprehensive protection for your entire computer. Get your free trial today!
http://channels.netscape.com/ns/computing/mcafee/index.jsp?promo=393397

Get AOL Instant Messenger 5.1 free of charge.  Download Now!
http://aim.aol.com/aimnew/Aim/register.adp?promo=380455

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Re: Re: Bad news on RPC DCOM vulnerability, (continued)
- - Re: Re: Bad news on RPC DCOM vulnerability Irwan Hadi (Oct 10)
  - RE: Re: Bad news on RPC DCOM vulnerability Matthew D. Lammers (Oct 10)
- RE: Re: Bad news on RPC DCOM vulnerability Dimitri Limanovski (Oct 10)
- RE: Bad news on RPC DCOM vulnerability VigilantMinds Security Operations Center (Oct 10)
- RE: Re: Bad news on RPC DCOM vulnerability Mike Gordon (Oct 12)
  - Re: RE: Re: Bad news on RPC DCOM vulnerability Paul Tinsley (Oct 12)
    - RE: RE: Re: Bad news on RPC DCOM vulnerability Mike Gordon (Oct 12)
  - Re: RE: Re: Bad news on RPC DCOM vulnerability Alex (Oct 12)
    - RE: RE: Re: Bad news on RPC DCOM vulnerability Brett Moore (Oct 14)
- RE: RE: Re: Bad news on RPC DCOM vulnerability Mike Gordon (Oct 12)
- Re: RE: Re: Bad news on RPC DCOM vulnerability webheadport80 (Oct 13)
- RE: RE: Re: Bad news on RPC DCOM vulnerability Schmehl, Paul L (Oct 13)
- RE: RE: Re: Bad news on RPC DCOM vulnerability Gordon, Mike (Oct 14)