Re: RPC DCOM exploit
- To: [EMAIL PROTECTED]
- Subject: Re: RPC DCOM exploit
- From: Jan Soubusta <[EMAIL PROTECTED]>
- Date: Sat, 02 Aug 2003 15:54:22 +0200
- In-reply-to: <[EMAIL PROTECTED]>
- References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>

hi all,

I tested about 50 boxes in our college network, mostly w2k sp4 and XP sp1.
Almost all of them gave me shell, a few cases only got down service on
port 135.

Jacek

I've recently been testing dcom.c for pen testing on my network and
the Windows 2000 SP3 and SP4 boxes that I was able to penetrate did
not reboot after exiting from the shell. I was using the dcom.c
that H D Moore released (based on FlashSky's code) via a cygwin
environment. Therefore, not having the system reboot, in my mind, is
not a sign that an exploit did not take place.

Now, there could be a matrix of different patch levels that could
cause the system to reboot or not reboot. Who knows why we're getting
different results...

Is anyone else on the list seeing that at least some of their target
systems are not rebooting after executing this code?

-Barry