RPC / DCom exploit
Page 1 of 4 123 ... LastLast
Results 1 to 10 of 37

Thread: RPC / DCom exploit

  1. #1
    Senior Member
    Join Date
    May 2003
    Posts
    207

    RPC / DCom exploit

    I don't know if anybody has heard of the RPC / DCOM exploit for Win2k and WinXP, but it's pretty nasty. A simple .exe will give a full shell, or dos prompt, to the host with merely the target IP and OS type (XP or 2k).

    I strongly advise that everybody running XP or 2K out there run Windows Update, there is a patch for this exploit. Patch Info

    Again, this is some nasty sh*t and a pretty bad exploit. Be advised.

  2. #2
    Senior Member
    Join Date
    Apr 2002
    Posts
    1,050
    Is this the first time this has been posted here its been around for about a week now. There is also a worm too based on the sploit the next code red maybe ?
    By the sacred **** of the sacred psychedelic tibetan yeti ....We\'ll smoke the chinese out
    The 20th century pharoes have the slaves demanding work
    http://muaythaiscotland.com/

  3. #3
    Originally posted here by prodikal
    Is this the first time this has been posted here its been around for about a week now. There is also a worm too based on the sploit the next code red maybe ?
    This has been posted a couple of times before.
    A simple search for 'RPC' will reveal most (if not all) the threads that discussed this vulnarability before.

    I read about that 'code red' factor.
    All I can say is: I am keeping my eyes on my logs'

    Have a nice day.

  4. #4
    Senior Member
    Join Date
    May 2003
    Posts
    207
    hrrmm... quite true... but more and more script kiddies are getting their hands on the exploit, and it's getting way out of hand.

  5. #5
    Senior Member
    Join Date
    Apr 2002
    Posts
    1,050
    Well of-course there are about 12 proof of concepts and a worm released i seen one with 19 targets on it

    heres the proof of concept

    As if its hard to find a varient of it and with my own testing it works fairly well if all goes well you should see

    - Remote DCOM RPC Buffer Overflow Exploit
    - Original code by FlashSky and Benjurry
    - Rewritten by HDM <hdm [at] metasploit.com>
    - Using return address of 0x77e9afe3
    - Dropping to System Shell...

    Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\WINDOWS\system32>
    No boxes were harmed in the given example

    Also note that this will mostly affect home users which is a bad threat with more and more home users swicthing to high speed modems imagine thousands maybe even millions of home users running a bot that connects back to an irc chan thats set-up to DoS whatever the person at the 'wheel' feels like

    scary huh
    By the sacred **** of the sacred psychedelic tibetan yeti ....We\'ll smoke the chinese out
    The 20th century pharoes have the slaves demanding work
    http://muaythaiscotland.com/

  6. #6
    Senior Member
    Join Date
    May 2003
    Posts
    207
    yessir... i do have a copy of that code

    and yes indeed, this exploit is one hell of a scary thing. full access to 90% of people with XP or 2K, crazy stuff.

  7. #7
    Senior Member
    Join Date
    Apr 2002
    Posts
    1,050
    Ya but as i said its only mostly home users i only know of one person whos caught a webserver with it and it was a .edu some where it's supposed to be microsofts biggest sploit in the OS yet all the more reason to swicth to *nix there is never this much wide spread panic
    By the sacred **** of the sacred psychedelic tibetan yeti ....We\'ll smoke the chinese out
    The 20th century pharoes have the slaves demanding work
    http://muaythaiscotland.com/

  8. #8
    Senior Member
    Join Date
    May 2003
    Posts
    207
    most definately... *nix systems are far superior, but ya still almost have to have XP, especially if you're like me at college

  9. #9
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    ok lets not forget that this exploit can only work if your RPC ports are exposed which a personal firewall protects stright out of the box. i really dont see a mass stampede of users switching to linux when they can just about use windows. i can see the sale of firewalls increasing.

    I really have to wonder why this fact isn't forced down the publics throat. all i keep reading is how dangerous this can be and nothing about how simple it would be to prevent it.

    I dont know what this code will do 'as is' yet but the code originally posted by Xfocus will only cause svchost to crash unless the code is tweeked.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  10. #10
    Senior Member
    Join Date
    May 2003
    Posts
    207
    ahh... and not JUST firewalls... just about every user behind a router even is protected from this exploit

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •