Re: Windows DCOM exploit (was Re: What you don't want to hear from a peer)

[George Bakos <gbakos () ists dartmouth edu>]

HD Moore released one today that returns a Local System shell on port 4444. I've run it in the lab and, as expected of 
all HD code, works consistantly.

g

On Fri, 25 Jul 2003 15:56:57 -0400
"Ingevaldson, Dan (ISS Atlanta)" <dsi () iss net> wrote:

> George-
>
> Which exploit are you referring to?  There are several floating around.
> Many of them are misrepresented as MS03-026 exploits.  There was another
> vulnerability disclosed that only causes a DoS condition--no remote
> compromise.
>
> Regards,
> ===============================
> Daniel Ingevaldson
> Engineering Manager, X-Force R&D
> dsi () iss net 
> 404-236-3160
>  
> Internet Security Systems, Inc.
> The Power to Protect
> http://www.iss.net 
> ===============================
>
>
> -----Original Message-----
> From: George Bakos [mailto:gbakos () ists dartmouth edu] 
> Sent: Friday, July 25, 2003 3:47 PM
> Cc: jtk () depaul edu; nanog () merit edu
> Subject: Windows DCOM exploit (was Re: What you don't want to hear from
> a peer)
>
>
>
> On Fri, 25 Jul 2003 14:29:13 -0500
> John Kristoff <jtk () depaul edu> wrote:
>
> > Maybe it'll help start the weekend with a smile.
>
> Smile for now; it probably won't last. The Windows DCOM exploit that was
> released today, works perfectly. BTW, how many residential networks
> (worm
> fodder) really need port 135/tcp open, anyway?
>
> And I thought I would have time to split some cordwood today. Rats.

George Bakos
Institute for Security Technology Studies - IRIA
Dartmouth College
gbakos () ists dartmouth edu
603.646.0665 -voice
603.646.0666 -fax