[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] No subject

To: full-disclosure@lists.netsys.com
Subject: [Full-Disclosure] No subject
From: "Pocjfr" <Pocjfr@yandex.ru>
Date: Mon, 13 Oct 2003 20:13:10 +0400 (MSD)

Hi!

I have remote bindshell exploit for any Windows system with MS03-39 patch 
installed, but now i can't publish it. This code 
http://www.securitylab.ru/40757.html works only against Win2k Server sp3/sp4, 
WinXP sp1, Windows 2003, and doesn't work (code needed some change) againt 
Windows 2003 sp1beta, WinXP without SP and w2k sp0-sp2. 




----- Original Message ----- 
From: <webheadport80@netscape.net>
To: <full-disclosure@lists.netsys.com>
Sent: Monday, October 13, 2003 6:29 PM
Subject: Re: [Full-Disclosure] RE: Re: Bad news on RPC DCOM vulnerability


> I've tried it on a couple of ms03-039 patched w2k boxes and it didn't DoS the 
> RPC service like it did on my w2k-unpatched box.  Are you saying that you've 
> gotten it to kill the RPC service on a ms03-039 patched machine 
> (particularily, w2k)?
> 
> During my ms03-039 w2k tests, the exploit runs for several seconds then stops 
> with a status of ~5000 but it doesn't kill the RPC.
> 
> The reason I'd like confirmation is that my Microsoft corp contact told me 
> that Microsoft, back in Redmond, said this exploit doesn't work on 
> ms03-039...  I'd like to confirm/deny this claim.  Especially, since they 
> haven't updated their sec bulletin on ms03-039 for this vulnerability.
> 
> Any feedback from folks who have successfully gotten this exploit to work on 
> a PATCHED ms03-039 w2k box would be GREATLY APPRECIATED!!!
> 
> Thanks,
> WebHead
> 
> 
> ======================================================
> This code doesn't work without shellcode. The simple version of a "battle" 
> shellcode can be found here:
> 
> http://www.SecurityLab.ru/_exploits/bshell2 (add user 'a' with pass 'a' in 
> administrator group)
> 
> You can change this shellcode as you need.
> 
> On system with MS03-39 installed, this code only crash systems, because 
> nature of new vulnerability is not known.
> 
> See more: http://www.securitylab.ru/40757.html
> 
>  
> 
> ----- Original Message ----- 
> From: Mike Gordon 
> To: full-disclosure@lists.netsys.com 
> Sent: Monday, October 13, 2003 1:41 AM
> Subject: [Full-Disclosure] RE: Re: Bad news on RPC DCOM vulnerability
> 
> 
> A compiled version is found at http://www.SecurityLab.ru/_exploits/rpc3.zip 
> But it seems to only crash systems. 
> 
> Does any one have a clean complile of the "better code" from 
> http://www.cyberphreak.ch/sploitz/MS03-039.txt 
> 
> 
> __________________________________________________________________
> McAfee VirusScan Online from the Netscape Network.
> Comprehensive protection for your entire computer. Get your free trial today!
> http://channels.netscape.com/ns/computing/mcafee/index.jsp?promo=393397
> 
> Get AOL Instant Messenger 5.1 free of charge.  Download Now!
> http://aim.aol.com/aimnew/Aim/register.adp?promo=380455
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 
> 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] No subject
  - From: "Gregory A. Gilliss" <ggilliss@netpublishing.com>

Prev by Date: Re: [Full-Disclosure] openssh exploit code?
Next by Date: Re: [Full-Disclosure] OT: An odd question that has arrisen within my household
Previous by thread: [Full-Disclosure] OT: I'd like to post a question to help settle an argument
Next by thread: Re: [Full-Disclosure] No subject
Index(es):
- Date
- Thread