what
Nov 2 2003, 08:17 AM
It definitely does work on Windows XP, SP1, all current fixes. But it will NOT work remotely. The port is stealthed remotely. Must be run locally.
detonator
Nov 1 2003, 03:43 AM
hm my dec-c++ compiler gets many errors

on which compiler it should work ?
greetz
assom
Nov 1 2003, 04:50 AM
As Usual Crashes.
And nothing happens to the Targeted Machine...
ripper2k3
Nov 1 2003, 01:32 PM
too many failures by compiling
seppel18
Nov 1 2003, 02:22 PM
Just add
#pragma comment( lib, "ws2_32.lib" )
But didn't work for me...
MxMx
Nov 1 2003, 02:51 PM
I've seen this one before .. but didn't compile .. too many errors .. hope someone could help us all out by compiling this one
antique
Nov 1 2003, 03:01 PM
Here is compiled :-)
decline
Nov 1 2003, 03:09 PM
Thanks for this man nice stuff
flame
Nov 1 2003, 03:20 PM
I tested it on my network and got nothing but identifying the OS (XP, 2000 etc.)
and a number goes up till I stopped it..
I read it's supposed to put a user A with pass 577 but still nothing.
ideas anyone ?
low_rider
Nov 1 2003, 04:07 PM
thnx gonna try it
GAN_GR33N
Nov 1 2003, 10:20 PM
I tried this on 6 different boxes on my network and it seems to do nothing but identify the system
antique
Nov 1 2003, 10:39 PM
I check this on Windows XP Polish Version and it's WORK OK
But it do sofink mor than reload/shut down system after 60 second since You run exploit on target machine
You can't get shell on this exploit!
flame
Nov 1 2003, 10:58 PM
| QUOTE (antique @ Nov 1 2003, 10:39 PM) |
I check this on Windows XP Polish Version and it's WORK OK But it do sofink mor than reload/shut down system after 60 second since You run exploit on target machine You can't get shell on this exploit! |
work ok = as: making a user name A with pass 577 ?
admin privilege ?
what is OK for you ?
please send what you got from a successful machine plzz
antique
Nov 1 2003, 11:49 PM
The following exploit code is a universal exploit code for the Windows RPC security vulnerability we reported earlier. This more advanced exploit code doesn't use static addresses for jumps.
Further information:
"1. Universal exploit for MS03-039 exists in-the-wild, PINK FLOYD is again actual.
2. It was reported by exploit author (and confirmed), Windows XP SP1 with all security fixes installed still vulnerable to variant of the same bug. Windows 2000/2003 was not tested. For a while only DoS exploit exists, but code execution is probably possible. Technical details are sent to Microsoft, waiting for confirmation."
hifil0wlife
Nov 2 2003, 09:42 PM
| QUOTE (what @ Nov 2 2003, 08:17 AM) |
| It definitely does work on Windows XP, SP1, all current fixes. But it will NOT work remotely. The port is stealthed remotely. Must be run locally. |
so it's useless?
aspfreakout
Nov 3 2003, 06:51 PM
Huh? Just think of someone having a basic account with "no rights" running this on the company's network with 1000+ pc's...
Wolfman
Nov 3 2003, 10:04 PM
I've tested this on an XP SP1 and this is what happened
C:\Inetpub\Scripts>rpc3.exe 192.168.1.49
192.168.1.49
192.168.1.49 - send exploit to WinXP
8576
| CODE |
C:\WINDOWS\system32>fport
FPort v2.0 - TCP/IP Process to Port Mapper
Copyright 2000 by Foundstone, Inc.
http://www.foundstone.com

Pid   Process      Port  Proto Path
2128  inetinfo  -> 21    TCP   C:\WINDOWS\System32\inetsrv\inetinfo.exe
2128  inetinfo  -> 25    TCP   C:\WINDOWS\System32\inetsrv\inetinfo.exe
2128  inetinfo  -> 80    TCP   C:\WINDOWS\System32\inetsrv\inetinfo.exe
716   svchost   -> 135   TCP   C:\WINDOWS\system32\svchost.exe
4     System    -> 139   TCP
2128  inetinfo  -> 443   TCP   C:\WINDOWS\System32\inetsrv\inetinfo.exe
4     System    -> 445   TCP
788   svchost   -> 1025  TCP   C:\WINDOWS\System32\svchost.exe
900             -> 1049  TCP
784             -> 1057  TCP
2128  inetinfo  -> 1066  TCP   C:\WINDOWS\System32\inetsrv\inetinfo.exe
0     System    -> 1194  TCP
0     System    -> 1195  TCP
0     System    -> 1198  TCP
0     System    -> 1199  TCP
3560  rpc3      -> 1200  TCP   C:\Inetpub\Scripts\rpc3.exe
900             -> 5000  TCP

900             -> 123   UDP
2128  inetinfo  -> 135   UDP   C:\WINDOWS\System32\inetsrv\inetinfo.exe
2128  inetinfo  -> 137   UDP   C:\WINDOWS\System32\inetsrv\inetinfo.exe
716   svchost   -> 138   UDP   C:\WINDOWS\system32\svchost.exe
2128  inetinfo  -> 445   UDP   C:\WINDOWS\System32\inetsrv\inetinfo.exe
2128  inetinfo  -> 500   UDP   C:\WINDOWS\System32\inetsrv\inetinfo.exe
716   svchost   -> 1026  UDP   C:\WINDOWS\system32\svchost.exe
2128  inetinfo  -> 1030  UDP   C:\WINDOWS\System32\inetsrv\inetinfo.exe
2128  inetinfo  -> 1052  UDP   C:\WINDOWS\System32\inetsrv\inetinfo.exe
4     System    -> 1067  UDP
788   svchost   -> 1070  UDP   C:\WINDOWS\System32\svchost.exe
4     System    -> 1900  UDP
3560  rpc3      -> 1900  UDP   C:\Inetpub\Scripts\rpc3.exe
900             -> 3456  UDP
|
The only weird thing is: 3560 rpc3 -> 1200 TCP C:\Inetpub\Scripts\rpc3.exe
But I can't telnet into it.
And no USER created.
yeyo
Nov 4 2003, 04:35 PM
Tested on W2k and ...
rpc3 10.10.10.10
10.10.10.10
10.10.10.10 - send exploit to Win2K
3408
Send failed.Error:10054
I'll try on more ips

Thanks.
---
I looked at the code and ...
//SHELLCODE From SAM ,THANKs !
//Add user SST,password is 557,
but no user at the remote ip