Hosting Provided By

Re: RPC DCOM exploit

From: Barry Fitzgerald <bkfsec(at)sdf.lonestar.org>
Date: Fri Aug 01 2003 - 12:51:21 EDT

I've recently been testing dcom.c for pen testing on my network and the Windows 2000 SP3 and SP4 boxes that I was able to penetrate did not reboot after exiting from the shell. I was using the dcom.c that H D Moore released (Based on Flasksky's code) via a cygwin environment. Therefore, not having the system reboot, in my mind, is not a sign that an exploit did not take place.

Now, there could be a matrix of different patch levels that could cause the system to reboot or not reboot. Who knows why we're getting different results...

Is anyone else on the list seeing that at least some of their target systems are not rebooting after executing this code?

-Barry

morning_wood wrote:

>could be... but .. they are two seperate issues,

Received on Fri Aug 1 13:57:35 2003

Do you need help?

This message: [ Message body ]
Next message: De Doncker, Steve: "RE: Command Line RPC vulnerability scanner?"
Previous message: Wong Wai Kit: "Suspicious firewall logs"
In reply to: morning_wood: "Re: RPC DCOM exploit"
Next in thread: morning_wood: "Re: RPC DCOM exploit"
Reply: morning_wood: "Re: RPC DCOM exploit"
Reply: wirepair: "Re: RPC DCOM exploit"
Reply: Peter Fry: "Re: RPC DCOM exploit"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:14 EDT