Full Disclosure mailing list archives
RE: whoch DCOM exploit code are they speaking about here?
From: "Xie Chun Yan, Sherman" <ccexies () nus edu sg>
Date: Wed, 17 Sep 2003 20:16:15 +0800
Just to clarify a bit, to my knowledge this screen shot is taken from an exploit for MS03-026 . It's not for MS03-039. It was an internal version developed by a security company in China. Correct me if I am wrong. This http://www.k-otik.com/exploits/09.16.MS03-039-exp.c.php is by eyas (he is a member of xfocus.org, same as flashsky). It's the first public exploit for MS03-039 I've seen. If you've seen references to other exploits, care to share? Regards, Sherman -----Original Message----- The exploit at http://www.k-otik.com/exploits/09.16.MS03-039-exp.c.php is rather limited. It only creates a local administrator account named "e" with a password of "asd#321". But, it only works against Windows 2000 (English) with SP3 or SP4, if it works at all. ========================== I've seen references to other exploits out there, along with some source and executables, including one that is much more capable. It allegedly works against all SP and language versions of both Windows 2000 and XP. It gives access to a command shell that has Local System rights, and might easily be modified to work as part of a universal worm package. Remember that Blaster and Welchia/Nachia both had to "guess" whether they were attacking W2K or XP. This new exploit works either way. Here's a link to a screen shot of it: http://haiyangtop.533.net/1.jpg ========================== Rather than a sleeping bag, a one-way ticket to a nice uninhabited island sounds better. Jerry _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- whoch DCOM exploit code are they speaking about here? Josh Karp (Sep 16)
- <Possible follow-ups>
- Fw: whoch DCOM exploit code are they speaking about here? SPAM (Sep 16)
- RE: whoch DCOM exploit code are they speaking about here? Elvar (Sep 16)
- RE: whoch DCOM exploit code are they speaking about here? Jerry Heidtke (Sep 16)
- RE: whoch DCOM exploit code are they speaking about here? Brown, Rodrick (Sep 16)
- RE: whoch DCOM exploit code are they speaking about here? James Foster (Sep 17)
- RE: whoch DCOM exploit code are they speaking about here? Xie Chun Yan, Sherman (Sep 17)