where is this for d/l cause its out there



believe it !!!!

wow i SO need this

I also have this as a compiled version...and it does work. You should try to find code and try to compile it yourself...

I got it, but it's private

i don't have the sploit, but here is the advisory and directions on how to disable it...

Microsoft Knowledge Base Article - 826382
http://support.microsoft.com/default.aspx?kbid=826382

Usually in those posts they are faked or mimiced or yeah they'll never give it to you.... it's all ego.

what acid has is real (it's myst acid! w00t) but don't count on him posting it .... he doesn't even share with people he knows well... greedy lil bum

I think your ISP close port 135 @ Neo-Tokyo

this vuln is port 593....

I'm so sick of 'oh i have this but its private' or 'oh im not giving it out till its public'
screw you guys, share it or keep your mouth shut about it. People who make posts like that should be banned and thier sources for exploits should be smacked upside the head with a unix manual.

# The script code starts here
#

function dcom_recv(socket)
{
local_var buf, len;

buf = recv(socket:socket, length:10);
if(strlen(buf) != 10)return NULL;

len = ord(buf[8]);
len += ord(buf[9])*256;
buf += recv(socket:socket, length:len - 10);
return buf;
}


port = 135;
if(!get_port_state(port))port = 593;
else {
soc = open_sock_tcp(port);
if(!soc)port = 593;
else close(soc);
}
if(!get_port_state(port))exit(0);

#-------------------------------------------------------------#

function hex2raw(s)
{
local_var i, j, ret;

>for(i=0;i<strlen(s);i+=2)
{
if(ord(s[i]) >= ord("0") && ord(s[i]) <= ord("9"))
j = int(s[i]);
else
j = int((ord(s[i]) - ord("a")) + 10);

j *= 16;
if(ord(s[i+1]) >= ord("0") && ord(s[i+1]) <= ord("9"))
j += int(s[i+1]);
else
j += int((ord(s[i+1]) - ord("a")) + 10);
ret += raw_string(j);
}
return ret;
}

#--------------------------------------------------------------#
function check(req)
{
local_var soc, bindstr, error__code, r;


soc = open_sock_tcp(port);
if(!soc)exit(0);

bindstr = & quot;05000b03100000004800000001000000d016d016000000000100000000000100a0010000000
00000c00000000000004600000000045d888aeb1cc9119fe808002b10486002000000";
send(socket:soc, data:hex2raw(s:bindstr));
r = dcom_recv(socket:soc);
if(!r)exit(0);

send(socket:soc, data:req);
r = dcom_recv(socket:soc);
if(!r)return NULL;

close(soc);
error_code = substr(r, strlen® - 4, strlen®);
return error_code;
}

function check2(req)
{
local_var soc,bindstr, error_code, r;


soc = open_sock_tcp(port);
if(!soc)exit(0);

bindstr = & quot;05000b03100000004800000001000000d016d016000000000100000000000100a0010000000
00000c00000000000004600000000045d888aeb1cc9119fe808002b10486002000000";
send(socket:soc, data:hex2raw(s:bindstr));
r = dcom_recv(socket:soc);
if(!r)exit(0);

send(socket:soc, data:req);
r = dcom_recv(socket:soc);
if(!r)return NULL;


error_code = substr(r, strlen® - 24, strlen® - 20);
return error_code;
}
#---------------------------------------------------------------#


# Determine if we the remote host is running Win955/98/ME
bindwinme = & quot;05000b03100000004800000053535641d016d016000000000100000000000100e6730ce6f98
8cf119af10020af6e72f402000000045d888aeb1cc9119fe808002b10486002000000";
soc = open_sock_tcp(port);
if(!soc)exit(0);
send(socket:soc, data:hex2raw(s:bindwinme));
rwinme = dcom_recv(socket:soc);
close(soc);
lenwinme = strlen(rwinme);
stubwinme = substr(rwinme, lenwinme-24, lenwinme-21);

# This is Windows 95/98/ME which is not vulnerable
if("02000100" >< hexstr(stubwinme))exit(0);


#----------------------------------------------------------------#

REGDB_CLASS_NOTREG = "5401048000";
CO_E_BADPATH = "0400088000";
NT_QUOTE_ERROR_CODE_EQUOTE = "00000000";



#
req1 = & quot;0500000310000000b0030000010000009803000000000400050002000000000000000000000
0000000000000000000000000000000000000000000009005140068030000680300004d454f57040
00000a201000000000000c0000000000000463803000000000000c00000000000004600000000380
30000300300000000000001100800ccccccccc80000000000000030030000d800000000000000020
00000070000000000000000000000000000000000000018018d00b8018d000000000007000000b90
1000000000000c000000000000046ab01000000000000c000000000000046a501000000000000c00
0000000000046a601000000000000c000000000000046a401000000000000c000000000000046ad0
1000000000000c000000000000046aa01000000000000c0000000000000460700000060000000580
000009000000058000000200000006800000030000000c000000001100800cccccccc50000000000
00000ffffffff0000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000
0000001100800cccccccc4800000000000000005d889aeb1cc9119fe808002b10486010000000000
00000000000000100000000000000b8470a005800 000005000600010000000000000000000000c000000000000046cccccccc01100800cccccccc8000
0000000000000000000000000000000000000000000020ba09000000000060000000600000004d45
4f5704000000c001000000000000c0000000000000463b03000000000000c0000000000000460000
00003000000001000100673c70941333fd4687244d093988939d0200000000000000000000000000
000000000000000000000100000001100800cccccccc480000000000000000000000b07e09000000
000000000000f0890a0000000000000000000d000000000000000d000000730061006a0069006100
6400650076005f0078003800360000000800cccccccc01100800cccccccc10000000000000000000
000000000000000000000000000001100800cccccccc5800000000000000c05e0a00000000000000
0000000000001b000000000000001b0000005c005c0000005c006a00690061006400650076005f00
7800000036005c007000750062006c00690063005c00410041004100410000000000010015000110
0800cccccccc200000000000000000000000905b09000200000001006c00c0df0800010000000700
550000000000";

req2 = & quot;0500000310000000b0030000020000009803000000000400050002000000000000000000000
0000000000000000000000000000000000000000000009005140068030000680300004d454f57040
00000a201000000000000c0000000000000463803000000000000c00000000000004600000000380
30000300300000000000001100800ccccccccc80000000000000030030000d800000000000000020
00000070000000000000000000000000000000000000018018d00b8018d000000000007000000b90
1000000000000c000000000000046ab01000000000000c000000000000046a501000000000000c00
0000000000046f601000000000000c000000000000046ff01000000000000c000000000000046ad0
1000000000000c000000000000046aa01000000000000c0000000000000460700000060000000580
000009000000058000000200000006800000030000000c000000001100800cccccccc50000000000
00000ffffffff0000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000
0000001100800cccccccc4800000000000000005d889aeb1cc9119fe808002b10486010000000000
00000000000000100000000000000b8470a005800 000005000600010000000000000000000000c000000000000046cccccccc01100800cccccccc8000
0000000000000000000000000000000000000000000020ba09000000000060000000600000004d45
4f5704000000c001000000000000c0000000000000463b03000000000000c0000000000000460000
00003000000001000100673c70941333fd4687244d093988939d0200000000000000000000000000
000000000000000000000100000001100800cccccccc480000000000000000000000b07e09000000
000000000000f0890a0000000000000000000d000000000000000d000000730061006a0069006100
6400650076005f0078003800360000000800cccccccc01100800cccccccc10000000000000000000
000000000000000000000000000001100800cccccccc5800000000000000c05e0a00000000000000
0000000000001b000000000000001b0000005c005c0000005c006a00690061006400650076005f00
7800000036005c007000750062006c00690063005c00410041004100410000000000010015000110
0800cccccccc200000000000000000000000905b09000200000001006c00c0df0800010000000700
550000000000";


req3 = & quot;05000e03100000004800000003000000d016d01605af00000100000001000100b84a9f4d1c7
dcf11861e0020af6e7c5700000000045d888aeb1cc9119fe808002b10486002000000";

req4 = & quot;05000003100000009a000000030000008200000001000000050002000000000000000000000
00000000000000000000000000000000000009596952a8cda6d4ab23619bcaf2c2dea34eb8f00070
0000000000000070000005c005c004d0045004f00570000000000000000005c0048005c004800010
0000058e98f00010000009596952a8cda6d4ab23619bcaf2c2dea01000000010000005c00";




#display(hex2raw(s:req));
#exit(0);






error1 = check(req:hex2raw(s:req1));
error2 = check(req:hex2raw(s:req2));


#error3 = check(req:hex2raw(s:req3));
#error4 = check2(req:hex2raw(s:req4));

#display("error1=", hexstr(error1), "\n");
#display("error2=", hexstr(error2), "\n");
#display("error3=", hexstr(error3), "\n");
#display("error4=", hexstr(error4), "\n");



if(hexstr(error2) == hexstr(error1))
{
if(hexstr(error1) == "0500078000")exit(0); # DCOM disabled
security_hole(port);
}
else {
set_kb_item(name:"SMB/KB824146", value:TRUE);
}

Has Anyone Got A Scanner For This Exploit Yet ?

If So Can You Please Attach It To This Thread

ThankYou

Best Regards

Adam

Vast Gsm Team

Da Sick Crew

Some Info From eEye

Additional Information On the RPC DCOM Vulnerability
The vulnerability exists in the Windows Component Object Model (COM) subsystem, which is a critical service used by many Windows applications. The potential for remote exploitation arises from the fact that the Distributed COM (DCOM) service, which allows COM objects to communicate with one another across a network, is activated by default on Windows NT, 2000, XP, and 2003. DCOM allows an attacker to reach the vulnerability in COM over the network, using any of the following ports:
TCP and UDP ports 135 (Remote Procedure Call)
TCP ports 139 and 445 (NetBIOS)
TCP port 593 (RPC-over-HTTP)
Any IIS HTTP/HTTPS port if COM Internet Services are enabled
Although uncommon, this configuration would allow the vulnerable COM interface to be accessed over any port on which the IIS web service is running.

anddos can you please post the full code?
thznkx

Yer Post The Code Please M8
Thank You
Lets Us Have Some FUN

Best Regards

Adam

Vast Gsm Team

Da Sick Crew

come on dude

i googled a bit with anddos's code and found this


http://msgs.securepoint.com/cgi-bin/get/ne...-0309/21/1.html

don't know if its the right code



Edit:

This is a script for nessus

ok guys... i am now releasing this exploit to you... try not to get all retarded and make a stupid worm with it...

RPC over HTTP
scan for port 593
let me know what you think

norton recognizes this as blaster - how come ? its a diffrent xploit?

i turn my antivirus off in my exploit dir its not ths same thing but its still identified as the blaster shit

hey thanks alot acid man really was looking for this

i thought port 80 was http
been scanning not many servers with port 593 open

I'll take a peek at this!

Thanks man

WOW i cant dl it anymore? what happened?

Well i'm a trial member so i can't download it anyway tell me if anyone gets nething with it.

the problem is that acid didnt pack up his "blaster" so the system on this board must have deleted it.
am i right ?

i read this is an DoS xploit... right ?

ty

would someone be nice enough to upload the file again (this time compressed and protected).