Another RPC DCOM Vulnerability / Exploit (Now DCOM3) !
Results 1 to 4 of 4

Thread: Another RPC DCOM Vulnerability / Exploit (Now DCOM3) !

  1. #1
    Junior Member
    Join Date
    Aug 2003
    Posts
    4

    Another RPC DCOM Vulnerability / Exploit (Now DCOM3) !

    hi, this is a message from bugtraq :

    Universal exploit for MS03-039 is now public on k-otik.com

    http://www.k-otik.com/exploits/10.09...niversal.c.php
    http://www.k-otik.com/exploits/10.09.rpcunshell.asm.php

    It was reported by exploit author (and confirmed), Windows XP SP1
    with all security fixes installed still vulnerable to variant of the
    same bug. Windows 2000/2003 was not tested.

    For a while only DoS exploit exists (DCOM3) , but code execution is probably possible. Technical details are sent to Microsoft, waiting for confirmation.

    ppl must block the vulnerable ports.

    Regards

    Gurou ** Security Administrator

  2. #2
    Senior Member
    Join Date
    Jan 2003
    Posts
    220
    These are everywhere now...thanks for the heads up
    [gloworange]And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict\'s veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found. \"This is it... this is where I belong...\" I know everyone here... even if I\'ve never met them, never talked to them, may never hear from them again... I know you all...[/gloworange]

  3. #3
    while i understand what rpc and dcom are as technologies, i don't understand how they work or how they interact with each other. i did some searching on the site and wasn't able to find a tutorial on this either. i'm also interested in how these exploits work in plain english-- all of that code is just plain french to me at this point
    anyone have any good links?

  4. #4
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,884
    RPC is a way to make a remote machine run a certain procedure for you. It was used a bit with SunOS, but I don't know anyone that has used it in a windows environment.

    DCOM is the same idea, but on a different level, and it is a MS only thing. dcom should be more "invisible" where the program does all the work, while rpc would require user interaction. I have never seen this used.. anyplace.. The only use I have seen for DCOM is to exploit it.

    The exploit is a buffer overflow. Basically it sends a shitload of information to the DCOM port, then finishes the info off with the code to run a remote shell. DCOM gets confused and runs the code at the end, and you have a shell. When MS patched it, all they did was tell it not to run the code at the end. They didn't tell it to drop the packets. Thats why it causes a DOS.
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •