-
August 9th, 2003, 11:06 PM
#1
Senior Member
RPC / DCom exploit
I don't know if anybody has heard of the RPC / DCOM exploit for Win2k and WinXP, but it's pretty nasty. A simple .exe will give a full shell, or DOS prompt, to the host with merely the target IP and OS type (XP or 2k).
I strongly advise that everybody running XP or 2K out there run Windows Update; there is a patch for this exploit. Patch Info
Again, this is some nasty sh*t and a pretty bad exploit. Be advised.
-
August 9th, 2003, 11:16 PM
#2
Is this the first time this has been posted here? It's been around for about a week now. There is also a worm too, based on the sploit. The next Code Red, maybe?
By the sacred **** of the sacred psychedelic tibetan yeti ....We'll smoke the chinese out
The 20th century pharoes have the slaves demanding work
http://muaythaiscotland.com/
-
August 9th, 2003, 11:28 PM
#3
Banned
Originally posted here by prodikal
Is this the first time this has been posted here? It's been around for about a week now. There is also a worm too, based on the sploit. The next Code Red, maybe?
This has been posted a couple of times before.
A simple search for 'RPC' will reveal most (if not all) the threads that discussed this vulnerability before.
I read about that 'code red' factor.
All I can say is: I am keeping my eyes on my logs.
Have a nice day.
-
August 9th, 2003, 11:33 PM
#4
Senior Member
hrrmm... quite true... but more and more script kiddies are getting their hands on the exploit, and it's getting way out of hand.
-
August 9th, 2003, 11:57 PM
#5
Well, of course there are about 12 proofs of concept and a worm released. I've seen one with 19 targets on it.
Here's the proof of concept
As if it's hard to find a variant of it, and with my own testing it works fairly well. If all goes well you should see:
- Remote DCOM RPC Buffer Overflow Exploit
- Original code by FlashSky and Benjurry
- Rewritten by HDM <hdm [at] metasploit.com>
- Using return address of 0x77e9afe3
- Dropping to System Shell...
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\WINDOWS\system32>
No boxes were harmed in the given example
Also note that this will mostly affect home users, which is a bad threat with more and more home users switching to high speed modems. Imagine thousands, maybe even millions, of home users running a bot that connects back to an IRC chan that's set up to DoS whatever the person at the 'wheel' feels like.
scary huh
-
August 10th, 2003, 12:15 AM
#6
Senior Member
yessir... i do have a copy of that code
and yes indeed, this exploit is one hell of a scary thing. full access to 90% of people with XP or 2K, crazy stuff.
-
August 10th, 2003, 12:29 AM
#7
Ya, but as I said it's only mostly home users. I only know of one person who's caught a webserver with it, and it was a .edu somewhere. It's supposed to be Microsoft's biggest sploit in the OS yet. All the more reason to switch to *nix; there is never this much widespread panic.
-
August 10th, 2003, 06:44 AM
#8
Senior Member
most definitely... *nix systems are far superior, but ya still almost have to have XP, especially if you're like me at college
-
August 10th, 2003, 07:05 AM
#9
OK, let's not forget that this exploit can only work if your RPC ports are exposed, which a personal firewall protects straight out of the box. I really don't see a mass stampede of users switching to Linux when they can just about use Windows. I can see the sale of firewalls increasing.
I really have to wonder why this fact isn't forced down the public's throat. All I keep reading is how dangerous this can be and nothing about how simple it would be to prevent it.
I don't know what this code will do 'as is' yet, but the code originally posted by Xfocus will only cause svchost to crash unless the code is tweaked.
-
August 10th, 2003, 07:12 AM
#10
Senior Member
ahh... and not JUST firewalls... just about every user behind a router even is protected from this exploit
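Added example (not posted by any participant in this thread): a log check of the kind posts #3 and #9 point at, reporting inbound connections to RPC ports that the firewall did not drop and sources that probe several local hosts. The log layout, the sample lines, the addresses, the port set and the function name are assumptions made for illustration.

```python
from collections import defaultdict

# Assumption: TCP ports through which RPC/DCOM is commonly reachable.
RPC_TCP_PORTS = {135, 139, 445, 593}

# Constructed sample in a space-separated layout modelled on a personal
# firewall log: date time action protocol src-ip dst-ip src-port dst-port ...
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags
2003-08-10 07:01:12 DROP TCP 198.51.100.7 192.0.2.10 3021 135 48 S
2003-08-10 07:01:12 DROP TCP 198.51.100.7 192.0.2.11 3022 135 48 S
2003-08-10 07:01:13 DROP TCP 198.51.100.7 192.0.2.12 3023 135 48 S
2003-08-10 07:02:40 OPEN TCP 203.0.113.5 192.0.2.10 1188 135 - -
2003-08-10 07:03:02 DROP UDP 198.51.100.9 192.0.2.10 1026 137 78 -
2003-08-10 07:03:30 OPEN TCP 192.0.2.10 203.0.113.80 1201 80 - -
2003-08-10 07:04:00 DROP TCP 203.0.113.5
"""
LOCAL_IPS = {"192.0.2.10", "192.0.2.11", "192.0.2.12"}  # constructed


def rpc_probe_report(log_text, local_ips, sweep_threshold=3):
    """Return (exposed, sweepers).

    exposed:  sorted (src, dst, port) tuples for inbound RPC-port
              connections that were NOT dropped (the host is reachable).
    sweepers: sorted sources that tried RPC ports on at least
              sweep_threshold distinct local hosts (worm-like scanning).
    """
    exposed = set()
    targets = defaultdict(set)
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue                      # header or blank line
        fields = line.split()
        if len(fields) < 8 or fields[3] != "TCP":
            continue                      # truncated line or not TCP
        action, src, dst = fields[2], fields[4], fields[5]
        try:
            dport = int(fields[7])
        except ValueError:
            continue                      # port column is not numeric
        if dst not in local_ips or dport not in RPC_TCP_PORTS:
            continue                      # outbound or unrelated traffic
        targets[src].add(dst)
        if action != "DROP":
            exposed.add((src, dst, dport))
    sweepers = sorted(s for s, d in targets.items() if len(d) >= sweep_threshold)
    return sorted(exposed), sweepers
```

Any entry in the first list means the RPC port was reachable from outside and that host should be firewalled and patched first.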