-
RPC / DCom exploit
I don't know if anybody has heard of the RPC / DCOM exploit for Win2k and WinXP, but it's pretty nasty. A simple .exe will give a full shell, or DOS prompt, to the host with merely the target IP and OS type (XP or 2k).
I strongly advise that everybody running XP or 2K out there run Windows Update; there is a patch for this exploit. Patch Info
Again, this is some nasty sh*t and a pretty bad exploit. Be advised.
-
Is this the first time this has been posted here? It's been around for about a week now. There is also a worm too, based on the sploit. The next Code Red maybe?
-
Quote:
Originally posted here by prodikal
Is this the first time this has been posted here? It's been around for about a week now. There is also a worm too, based on the sploit. The next Code Red maybe?
This has been posted a couple of times before.
A simple search for 'RPC' will reveal most (if not all) of the threads that discussed this vulnerability before.
I read about that 'Code Red' factor.
All I can say is: I am keeping my eyes on my logs.
Have a nice day.
-
hrrmm... quite true... but more and more script kiddies are getting their hands on the exploit, and it's getting way out of hand.
-
Well, of course there are about 12 proofs of concept and a worm released. I've seen one with 19 targets on it.
Here's the proof of concept.
As if it's hard to find a variant of it :rolleyes: and with my own testing it works fairly well. If all goes well you should see:
- Remote DCOM RPC Buffer Overflow Exploit
- Original code by FlashSky and Benjurry
- Rewritten by HDM <hdm [at] metasploit.com>
- Using return address of 0x77e9afe3
- Dropping to System Shell...
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\WINDOWS\system32>
No boxes were harmed in the given example :D
Also note that this will mostly affect home users, which is a bad threat with more and more home users switching to high speed modems. Imagine thousands, maybe even millions, of home users running a bot that connects back to an IRC chan that's set up to DoS whatever the person at the 'wheel' feels like.
Scary, huh?
-
yessir... I do have a copy of that code
and yes indeed, this exploit is one hell of a scary thing. Full access to 90% of people with XP or 2K, crazy stuff.
-
Ya, but as I said, it's only mostly home users. I only know of one person who's caught a webserver with it, and it was a .edu somewhere. It's supposed to be Microsoft's biggest sploit in the OS yet. All the more reason to switch to *nix; there is never this much widespread panic ;)
-
most definitely... *nix systems are far superior, but ya still almost have to have XP, especially if you're like me at college
-
OK, let's not forget that this exploit can only work if your RPC ports are exposed, which a personal firewall protects straight out of the box. I really don't see a mass stampede of users switching to Linux when they can just about use Windows. I can see the sale of firewalls increasing.
I really have to wonder why this fact isn't forced down the public's throat. All I keep reading is how dangerous this can be and nothing about how simple it would be to prevent it.
I don't know what this code will do 'as is' yet, but the code originally posted by Xfocus will only cause svchost to crash unless the code is tweaked.
-
ahh... and not JUST firewalls... just about every user behind a router even is protected from this exploit