
Thread: LSD hacker Broke Windows Server 2003

  1. #1
    Senior Member
    Join Date
    Aug 2002

    LSD hacker Broke Windows Server 2003

    Hi guys/girls,

    Do you still remember the famous LSD who won the PITBULL challenge (Argus Hacking challenge)?
    Now they have made the news by breaking into Windows Server 2003.
    Check this out:

    The Last Stage of Delirium Research Group has discovered a critical security vulnerability in all recent versions of Microsoft operating systems. The vulnerability affects default installations of Windows NT 4.0, Windows 2000, Windows XP as well as Windows 2003 Server. The LSD Research Group was able to create proof of concept codes for this issue, which allowed for remote attack resulting in execution of any commands on vulnerable Windows systems with SYSTEM privileges (the highest level of access in Windows). The vulnerability is also exploitable in the case of Windows 2003 Server, regardless of the buffer overflow prevention mechanism it has been equipped with.

    Check out their link http://www.lsd-pl.net/



  2. #2
    Senior Member DeadAddict's Avatar
    Join Date
    Jun 2003
    Hehe, it was only a matter of time before someone did it and made it to the news. I am surprised it did not happen sooner.

  3. #3
    Senior Member
    Join Date
    May 2003
    Well, M$ response awaited; let's see how much they care about this product. They are marketing it with full vigour. So I think M$ will soon release its patch. And the fact that a lot of websites are shifting over to M$ Win 2K3... let's hope this stops this trend.
    guru@linux:~> who | grep -i blonde | talk; cd ~; wine; talk; touch; unzip; touch; strip; gasp; finger; mount; fsck; more; yes; gasp; umount; make clean; sleep;

  4. #4
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Beverwijk Netherlands
    The existence of the vulnerability has been confirmed by Microsoft Corporation. This report is part of the coordinated release of information about this new threat. The appropriate security bulletin as well as fixes for all affected platforms are available for download from the Microsoft Security.
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  5. #5
    Senior Member
    Join Date
    Jan 2003
    This is a Microsoft product we're talking about here..... In the immortal words of Gomer Pyle "Surprise! Surprise! Surprise!"

  6. #6
    We all had a feeling that RPCs would be the culprit of a major Windows flaw. Even though they are very helpful at times, they always seem to be a vulnerability.
    "I have not failed. I've just found 10,000 ways that won't work." - Albert Einstein

  7. #7
    Senior Member
    Join Date
    Nov 2001
    The way they got around the MS anti-overflow device worked in the lab under "certain conditions", which they aren't saying, but their method works on all other unpatched NT-based systems unconditionally.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  8. #8
    Junior Member
    Join Date
    Jan 2003

    Microsoft Security Bulletin MS03-026

  9. #9
    Senior Member
    Join Date
    Aug 2002

    Re: Microsoft Security Bulletin MS03-026

    Originally posted here by MrZaiGA
    View and download patch from MS


    Yes, MS have a new patch, but that patch is useless because:
    patched XP Home.

    Drag/Drop and other COM functions stop working, after a very visible
    svchost.exe crash.

    The hdmore loopback exploit is more friendly - it gave a nice DoS on all
    RPC/COM services (no drag/drop) without crashing svchost. Of course,
    this is only with the new return addresses that are not tied to any
    specific servicepack..

    Thor Larholm
    PivX Solutions, LLC - Senior Security Researcher

    -----Original Message-----
    From: khan rohail [mailto:rohaikaz YAHOO COM]
    Sent: Monday, July 28, 2003 8:34 AM
    Subject: RPC DCOM still vulnerable even after applying patches

    This is in reference to exploit code available here:

    We (Douglas Mclean/and I) have checked it against
    windows 200 SP4 machines that "even if you apply the
    patch kb823980", you can get DOS attacks as tcp port
    135 service (loc-srv)gets crashed and we get this
    error on the box against which the exploit is being

    "SVCHOST.exe has generated errors and will be closed
    by Windows. You will need to restart the program. An
    error log is being created".

    You are not able to access Event log either and other
    funny things are detected too.

    So, even if you apply the patch MS03-026 you still are vulnerable and
    you can still get DOS attacks.
    Check out the link http://www.securityfocus.com/archive...8/2003-08-03/2


  10. #10
    Senior Member
    Join Date
    Jul 2003
    I think I spend half my time patching systems at work. There are so many systems around, including servers, that it gets ridiculous how much I have to patch. Even with software to automate the patching, it still wastes a lot of my time configuring the software to run the new patch, and with so many notebooks I always have to worry that some user will not log in to the network and then will not get patched. It's just too much work keeping up with all the patches released.
