=k3Rn=
Aug 21 2004, 08:11 AM
hi
i am wondering if there is an easy way to secure a shell against the ms04-011 exploit.
one way would be to dl and install the right patch - but is there any other / faster way to do the task??
thx in advance
=k3Rn=
i am sorry, just found another thread to this topic - i replied there too.
but the question remains - is there an easier way to secure it?
and does it have to be the right language ?
crackie
Aug 21 2004, 09:17 AM
yes there is ...
but kern u are asking stupid questions in this forum all day long :[ just install a dos firewall or just run your ftp on the xploit port . i guess its 666

so think about your questions first alone and if you got no clue then ask at gover !
greetz crackie
BuzzDee
Aug 21 2004, 09:47 AM
| CODE |
| just run your ftp on the xploit port . i guess its 666 |
the port is 445. and running an ftp on that port isnt possible cuz its in use...
i read about another way to secure against the lsass exploits somewhere in the forum, but i think patching the box is the best way
Terminal
Aug 21 2004, 09:52 AM
fastest way is to remove File and print sharing (This closes port 445) . Or just stop rpc services .
Venom
Aug 21 2004, 10:49 AM
Delete IPC$ for a fast patch
.. but yea best way is to patch it
And oh Crakie ..... he asked a stupid question and you gave the stupidest reply.
Antil
Aug 21 2004, 10:50 AM
or just dont be lazy and install the patch..

whats so hard about 30 secs more work...
=k3Rn=
Aug 21 2004, 10:59 AM
@crackie: the only thing stupid here is your answer!
i still wonder if it's necessary to install the right language of the patch - anyone tested that yet?
and thx for all the other answers!
Terminal
Aug 21 2004, 11:33 AM
| QUOTE (crackie @ Aug 21 2004, 02:47 PM) |
yes there is ... but kern u are asking stupid questions in this forum all day long :[ just install a dos firewall or just run your ftp on the xploit port . i guess its 666 so think about your questions first alone and if you got no clue then ask at gover ! greetz crackie |
Stupid answer. But try to learn from ur mistakes
crackie
Aug 21 2004, 01:14 PM
| QUOTE (BuzzDee @ Aug 21 2004, 11:47 AM) |
| CODE | | just run your ftp on the xploit port . i guess its 666 |
the port is 445. and running an ftp on that port isnt possible cuz its in use... i read about another way to secure against the lsass exploits somewhere in the forum, but i think patching the box is the best way |
lol ... damn .... 445 is the port that is being exploited but the normal autohacker shellport is 666 ... and if you disconnect from the shell u get its not in use anymore.. so i am right with 666 ! think first than talk nubs
BuzzDee
Aug 21 2004, 01:29 PM
autohacker

u r l33t
sry i'm not that "experienced" with autohackers since i use the exploits to test my own pcs and not to hack into systems i dont own...
BuzzDee
Aug 21 2004, 01:32 PM
| CODE |
| i still wonder if it's necessary to install the right language of the patch |
it depends on the os language which patch u have to use.
torcuato
Aug 21 2004, 01:57 PM
| QUOTE (crackie @ Aug 21 2004, 01:14 PM) |
| QUOTE (BuzzDee @ Aug 21 2004, 11:47 AM) | | CODE | | just run your ftp on the xploit port . i guess its 666 |
the port is 445. and running an ftp on that port isnt possible cuz its in use... i read about another way to secure against the lsass exploits somewhere in the forum, but i think patching the box is the best way |
lol ... damn .... 445 is the port that is being exploited but the normal autohacker shellport is 666 ... and if you disconnect from the shell u get its not in use anymore.. so i am right with 666 ! think first than talk nubs
|
crackie dont be stupid please... For the shellport you can use 666 or whatever port that you want... Good idea to patch LSASS servers using your ftp server in 666 port LOL
continue like this m8
=k3Rn=
Aug 21 2004, 02:12 PM
what a nonsense crackie !
skyvionics
Aug 21 2004, 02:46 PM
how to delete IPC$ share or administra
GogetaSSJ4
Aug 21 2004, 03:21 PM
The Patch is the best solution

You can use quiet command:
Windows2000-KB835732-x86-XXX.EXE /quiet /forcerestart /o /n /f
Another solution is to upload reg.exe and type this command:
| CODE |
reg.exe ADD HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /v AutoShareWks /t REG_DWORD /d 00000000 /f
reg.exe ADD HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /v AutoShareServer /t REG_DWORD /d 00000000 /f
reg.exe ADD HKLM\SYSTEM\CurrentControlSet\Control\LSA /v RestrictAnonymous /t REG_DWORD /d 00000002 /f
reg.exe ADD "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Server" /v Enabled /t REG_BINARY /d 00 /f
|
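Added example, not part of the post above or of the thread: a Python check that reads saved `reg query` output and reports whether the four registry values from those reg.exe commands were actually written. The sample output is constructed, and the names `audit`, `parse_reg_query` and `normalize` are chosen here.

```python
import re

# (key, value name) -> data written by the reg.exe commands quoted in the post.
BASE = r"HKLM\SYSTEM\CurrentControlSet"
EXPECTED = {
    (BASE + r"\Services\lanmanserver\parameters", "AutoShareWks"): 0,
    (BASE + r"\Services\lanmanserver\parameters", "AutoShareServer"): 0,
    (BASE + r"\Control\LSA", "RestrictAnonymous"): 2,
    (BASE + r"\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Server", "Enabled"): 0,
}
VALUE_LINE = re.compile(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s*(.*)$")

def normalize(key):
    """Lower-case a key path and shorten HKEY_LOCAL_MACHINE to HKLM."""
    return key.strip().lower().replace("hkey_local_machine", "hklm", 1)

def parse_reg_query(text):
    """Parse `reg query` output into {(key, value name): int} for DWORD/BINARY data."""
    values, current = {}, None
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if line.upper().startswith("HKEY_"):
            current = normalize(line)
        elif m and current and m.group(2) in ("REG_DWORD", "REG_BINARY"):
            try:
                values[(current, m.group(1).lower())] = int(m.group(3), 16)
            except ValueError:
                pass  # empty or unparseable data counts as missing
    return values

def audit(text):
    """Map each expected value name to 'ok', 'missing' (never written) or 'wrong (found N)'."""
    found = parse_reg_query(text)
    report = {}
    for (key, name), want in EXPECTED.items():
        got = found.get((normalize(key), name.lower()))
        report[name] = ("missing" if got is None else
                        "ok" if got == want else f"wrong (found {got})")
    return report

# Constructed sample: one value left at 1, and the PCT 1.0 key never created.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters
    AutoShareWks    REG_DWORD    0x0
    AutoShareServer    REG_DWORD    0x1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA
    RestrictAnonymous    REG_DWORD    0x2
"""
print(audit(SAMPLE))
```

A value reported as "missing" was never written, so it needs the same attention as one reported as "wrong".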
M4Z3R
Aug 21 2004, 03:25 PM
Crackie stop thinking like a kiddie, I don't have anything against you, but just read what you wrote:
| QUOTE |
lol ... damn .... 445 is the port that is being exploited but the normal autohacker shellport is 666 ... and if you disconnect from the shell u get its not in use anymore.. /*Wow . . . */ so i am right with 666 ! think first than talk nubs |
Coz, I don't get it

Cheers, M4Z3R
And yeah
K3RN, Look if you go down 3 topics in the "Windows Systems" forum, what do you have . . . yet another topic on this subject, I know, it's amazing
http://www.governmentsecurity.org/forum/in...?showtopic=8187
=k3Rn=
Aug 21 2004, 06:38 PM
mazer, no offence, but i found that thread by searching - just some minutes too late - and then i replyed there too with an excuse... :|
Terminal
Aug 21 2004, 06:54 PM
Crackie 666 is port which we can specify to get shell . But if u have little brain see when lsass is exploited ur attacking program connects to port 445. You can also change reverse shell port from 666 to any other . If u would have seen syntax of program then u wouldnt have replied this
| QUOTE |
MS04011 Lsasrv.dll RPC buffer overflow remote exploit v0.1
------
Usage:
E:\LSASS.EXE <target> <victim IP> <bindport> [connectback IP] [options]
Targets:
0 [0x01004600]: WinXP Professional [universal] lsass.exe
1 [0x7515123c]: Win2k Professional [universal] netrap.dll
2 [0x751c123c]: Win2k Advanced Server [SP4] netrap.dll
Options:
-t: Detect remote OS:
Windows 5.1 - WinXP
Windows 5.0 - Win2k
|
tomas\
Aug 23 2004, 10:56 AM
meh people here are (filtered) lazy.. do some research yourself before asking stupid ass questions