August 21st, 2003 01:19 AM
kaht2.exe-RPC DCOM Tool
Hey guys, quick question:
I downloaded the kaht2.exe program, which, as many of you know, exploits the recent flaw in the way Windows handles RPC commands. The site I got it from is a trusted site known to many of you: securityfocus.com.
In fact, I think NullDevice also provided the download.
ANYWAYS, the new definitions for NAV classify it as a "Hacker.Tool.Virus."
Heh, I doubt it actually is, but is kaht2.exe, a non-gui file, really a virus that causes harm to your own computer? Or does overprotective Norton just deem it simply as a "HackerTool"?
It's 106 miles to Chicago, we've got a full tank of gas, half a pack of cigarettes, it's dark and we're wearing sunglasses.
August 21st, 2003 01:32 AM
I used the program to see if any of the computers on my local network were vulnerable, and after patching all of them, I noticed that my firewall asked me if I wanted to allow DCOM to access the internet, but in another range of IP addresses. My network IP address is xxx.xxx.88.xxx, and after I closed the program it asked me if I wanted to allow DCOM to connect to xxx.xxx.89.xxx on port 135, and I cancelled the action. It seems that it is still scanning. I think that it also runs in stealth mode. I wouldn't recommend running that application.
August 21st, 2003 02:21 AM
I personally haven't used that exploit program so I can't comment for sure, but I'd be a little wary of it. I have a recommendation for you, for a tool that I have used and know that it works well and can be trusted. Download the Retina RPC DCOM Vulnerability Scanner from http://www.eeye.com - it will scan your network and report back to you the machines that are vulnerable. The tool is available for free at this link: http://www.eeye.com/html/Research/Tools/RPCDCOM.html