tte
Oct 20 2003, 08:05 PM
Hi,
I'm currently looking for the offsets I should use for successful exploitation of Windows NT by the dcom1 exploit. As far as my searches went, I could find only the WinNT English SP4 offset, which is 0x77f327e5, and some Chinese NT offsets.
Does anyone have the offsets for the other SPs, preferably SP6 or 6a, or maybe a universal one for NT? Maybe a way to find those offsets would help too.
Thanks.
jim
Oct 21 2003, 12:40 PM
Hello, I'm having the same problem. I have used every call/jmp ebx offset for NT4 SP6 that I have found in Metasploit.com's opcode search utility (very useful) without success. I suspect that, due to the different nature of RPCSS between NT4 and later releases (in NT4 it is represented as an EXE instead of a DLL), some substantial modification of the shellcode will be required to make it work.
MetaSploit's opcode search db