Windows Messenger Vulnerability
Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Windows Messenger Vulnerability

  1. #1
    Member
    Join Date
    Nov 2003
    Posts
    71

    Windows Messenger Vulnerability

    I have a box sitting next to me running XP that is vulnerable to the messenger service exploit.

    I have compiled an exploit and ran it against the machine. Appearently the exploit creates user: X and pass: X.

    How then, after running the exploit, am I able to compromise the machine? My goal here is to upload and execute a file. Please help! Thank you.

  2. #2
    Senior Member
    Join Date
    Aug 2003
    Posts
    1,019
    http://www.hackthissite.org/article.php?view=5

    Might want to sign up here...apparently they teach how to use exploits. I did a search on this site for "how to exploit", and I couldn't find anything.... hmmm maybe I don't know how to search properly.

    And since you didn't specify which exploit...errr...umm..nevermind

  3. #3
    Member
    Join Date
    Nov 2003
    Posts
    71
    I know bitching about negs isn't smart but I cannot ****ing believe I was negged for this... it's sad honestly. To be negged for that... it's completely insane.

  4. #4
    Member
    Join Date
    Dec 2003
    Posts
    77
    people are really touchy here about what you post, and what its about. Also if the post has already been talked about or even previously posted by another user.

  5. #5
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    depends on who's code your using but it usually binds a shell to 9191. downloading and using pre-compiled exploits is very 'not smart'. you never know whats been added or if its even what it says it is. if you had the code instead of the exe you would have spared yourself this thread
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  6. #6
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Calm down please folks.

    SevenBleach.......I saw your post earlier and should have warned you, but I had to meet with a customer and I was short of time.sorry about that.

    What is this exploit? As the machine is next to you, the first thing I would do is go to it and try to login with User=X Password=X, just to see if it had worked?

    Next thing would be:

    1. Do I show up as a new user profile, such that Admins and audit software would find me?
    2. If I am there, what rights have I got?...can I elevate them?

    Please do not do this on a machine that you don't have permission to, as your motives may well be misunderstood?

    One thing I will say about the modern meaning of "hacking" you are guilty until proven innocent.......and innocence is a hard thing to prove?

    Good luck

    EDIT: 1. Groovicus........the tutorial is called "How To Exploit Your Staff".....I am just working on the punishments appendices and tables at the moment

    ...........2. Tedob1....only twice have I found "ready made" exploits useful...and that was to demonstrate to senior, non-computer literate, management just how vulnerable we were........naturally done in the lab But I got the budget!!!

  7. #7
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604
    Using the Messenger overflow indicates that RPC is open so most likely NetBios is active and available on the target machine as well. Once the exploit creates the account what would stop you from then using net bios commands to access the target machine legitimately(via NB)?


    -Maestr0
    \"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier

  8. #8
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    this vuln is discribed in MS03-043. most of the exploits are written either to DoS the target or bind a command shell to port 9191. as the command shell runs as system their shouldn't be any need to create a user or login or at least i have never heard of one doing this. if yours does i would think 'net use' would be the logical way to go.

    for this exploit to work you need the right offsets be set in the code. every language ver., every edition and every service pack has its own offset...once again you need the code (and the offset of course)
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  9. #9
    Member
    Join Date
    Nov 2003
    Posts
    71
    Mine says that it binds the shell one 9191 but i doesn't... in fact what it does do is it fixes the vulnerabiliy... hmm

  10. #10
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    Originally posted here by SevenBleach
    Mine says that it binds the shell one 9191 but i doesn't... in fact what it does do is it fixes the vulnerabiliy... hmm

    ahh! the hazards of precompiled binaries :]
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •