Vulnerability Development mailing list archives

Re: ms06-025


From: H D Moore <sflist () digitaloffense net>
Date: Mon, 17 Jul 2006 20:35:42 -0500

Metasploit contains two modules for this flaw; both of them require valid 
authentication credentials to use. Make sure you set the SMBUSER/SMBPASS 
variables before running the exploits. The RPC message format is defined 
fairly well in both exploits, but since they need to be sent over SMB 
(ports 139/445) and using DCERPC, it is non-trivial to turn into a 
standalone exploit (without doing a poor job of handling errors or 
evasion).

-HD

On Monday 17 July 2006 03:40, mikage_rinoa () yahoo com wrote:
> I am currently working on a report regarding this vulnerability,
> although I have tried to use the PoC given at Metasploit but have
> failed in trying to crash the system. Do you guys have any idea what
> RPC message format is to be sent so that the exploit will work, and do I
> have to send it through any specific port for it to work?
