Autor00ter/scanner for RPC/DCOM released in wild

**NullDevice** · August 13th, 2003, 12:47 AM

friends this is to inform u all...a new autorooter for RPC?DCOM was released today.....
it comes with binaries for windows...but the linux source code needs a to be fixed...it takes the ip range as input....and gives u a shell as soon a vuln. system it encounters...after u have worked on the shell and existed ...it continues ....

i think it uses ExitThread to not let the remote m/c get rebooted....also it seems to be using universal addresses of win2k and XP.....

well for testing purpose u know where to locate it

its kaht2.zip

**Plastic** · August 13th, 2003, 12:50 AM

was that really a safe thing to post? lol, that CAN'T be safe

***Tedob1*** · August 13th, 2003, 01:51 AM

i really think you should caution people about downloading binaries from those who make backdoors, this isnt really a leet hacker hangout and someone wanting to test it themselfs like some of us here are touting could get seriously compromised. but thanks for the info NullDevice !

**NullDevice** · August 13th, 2003, 08:13 AM

Tedob1...point taken

***cross*** · August 14th, 2003, 08:12 PM

I have been meaning to scan my network, but have been discouraged to do so because all of the scanners seem to be infected. May be that they are not, but they just resemble the actuall virus, however I have no way of telling that or not. is there a safe way to scan my network using this? Or am I better off going machine to machine and phisically looking at each (which would take a very long time)?

Thread: Autor00ter/scanner for RPC/DCOM released in wild

Thread Tools

Display

Autor00ter/scanner for RPC/DCOM released in wild

Posting Permissions