Vulnerability Development mailing list archives
Re: ms06-025
From: H D Moore <sflist () digitaloffense net>
Date: Mon, 17 Jul 2006 20:35:42 -0500
Metasploit contains two modules for this flaw; both of them require valid authentication credentials to use. Make sure you set the SMBUSER/SMBPASS variables before running the exploits. The RPC message format is defined fairly well in both exploits, but since they need to be sent over SMB (ports 139/445) and using DCERPC, it is non-trivial to turn into a standalone exploit (without doing a poor job of handling errors or evasion).

-HD

On Monday 17 July 2006 03:40, mikage_rinoa () yahoo com wrote:
I am currently working on a report regarding this vulnerability, and although I have tried to use the PoC given at Metasploit, I have failed in trying to crash the system. Do you guys have any idea what RPC message format is to be sent so that the exploit will work, and do I have to send it through any specific port for it to work?