DCOM released in wild

Printable View

August 13th, 2003, 12:47 AM
NullDevice

Autor00ter/scanner for RPC/DCOM released in wild

friends this is to inform u all...a new autorooter for RPC?DCOM was released today.....
it comes with binaries for windows...but the linux source code needs a to be fixed...it takes the ip range as input....and gives u a shell as soon a vuln. system it encounters...after u have worked on the shell and existed ...it continues ....

i think it uses ExitThread to not let the remote m/c get rebooted....also it seems to be using universal addresses of win2k and XP.....

well for testing purpose u know where to locate it

its kaht2.zip
August 13th, 2003, 12:50 AM
Plastic

was that really a safe thing to post? lol, that CAN'T be safe ;)
August 13th, 2003, 01:51 AM
Tedob1

i really think you should caution people about downloading binaries from those who make backdoors, this isnt really a leet hacker hangout and someone wanting to test it themselfs like some of us here are touting could get seriously compromised. but thanks for the info NullDevice !
August 13th, 2003, 08:13 AM
NullDevice

Tedob1...point taken
August 14th, 2003, 08:12 PM
cross

I have been meaning to scan my network, but have been discouraged to do so because all of the scanners seem to be infected. May be that they are not, but they just resemble the actuall virus, however I have no way of telling that or not. is there a safe way to scan my network using this? Or am I better off going machine to machine and phisically looking at each (which would take a very long time)?