Full Version: Story About Ms03-049
ScriptGod
Well, I have tried all shellcodes from all the public exploits now and made my own exploits. All shellcodes work very well. But I must tell you that these exploits are simply useless to 90% (FXP guys) of this board. These exploits are ONLY LOCAL exploits; they don't work on remote machines, because the function NetValidateName checks the buffer before sending it to a remote machine (it doesn't check this before doing this on your own machine). If you want to attack a remote machine you must create these RPC packets by hand and send them by hand. (I'm trying to make such an exploit...)

If you exploit one you should do your "things" and RESTART the machine. It's not like with the old RPC exploits: the RPC service creates a thread to handle your request, but services.exe doesn't create a thread. The process stack is destroyed by these exploits! This is very fatal because this process is the parent process of all services. If it crashes (and it will crash) the machine restarts.
what
So, this is now a local privilege escalation exploit, which I think people will be interested in... But when I went to "Shields Up" (look for it on Google) it said that port 135 was stealthed. I made sure that my firewall was down, and I'm pretty sure that I don't have ICF running. This may be another reason the exploit doesn't work remotely.
ScriptGod
Yes, at the moment it's just a local privilege exploit, and it works on 99% of all machines. Some ISPs block 135 but my ISP doesn't do this. Most firewalls block 135 remotely but not locally, so this exploit will work on most firewalled machines too.

I have written and tested these exploits on my little home network of 3 computers. It doesn't block 135 on any of these machines.
ssj4conejo
Yes, that indeed explains a lot of things about why it wasn't working. I guess we'll have to wait for other ones or, even better, try to find our own vulnerabilities. That'll be pretty kewl.
tribalgoa
Scriptgod... great info...
But are you also saying you managed to find shellcode without \x89 so you can do XP SP1?? I've looked everywhere for that... Maybe I should look better.
tolf
scriptgod, I have tried all the exploits on my unpatched localhost (XP SP1) and it doesn't seem to work... port 9191 isn't even listening.

Can you point us to the URL of the ones you are using?
GhostCow
Yeah, I guess it could be nice if you post the ones that you wrote...
I tried these exploits on myself and none of them works, so either I am doing something wrong or my system isn't compatible with this exploit (but I've got XP SP0 English), so if you can post the code it would be great (for priv. escalation to bypass those darn access denied!). Hehe, thanks.
ScriptGod
These exploits will not work under Windows XP, because Windows XP checks the parameter on your local machine too. So you can not exploit with NetAddAlternateComputerName and NetValidateName. But I think that the parameter check is performed by these 2 functions, so it should be possible to send the exploit code locally and remotely with special RPC packets or simply by writing to the pipe wkssvc on the target machine.
tolf
QUOTE (ScriptGod @ Nov 16 2003, 01:38 PM)
These exploits will not work under Windows XP, because Windows XP checks the parameter on your local machine too. So you can not exploit with NetAddAlternateComputerName and NetValidateName. But I think that the parameter check is performed by these 2 functions, so it should be possible to send the exploit code locally and remotely with special RPC packets or simply by writing to the pipe wkssvc on the target machine.

I have tried it on W2K also, but to no avail... Made sure of correct SP versions, lack of patch, and ran it as you said against localhost (127.0.0.1)...

The exploits tried were the ones developed (or modded) by sbaa, Snorq, and Adik...

Which ones did you have success with? Does it have to be FAT32? Can you post your outputs of the exploit as a PoC?

Cheers mate.
ScriptGod
I have written my own exploits with the shellcodes from the public exploits. ALL of them work. I'm not sure if the loopback (127.0.0.1) works; try your LAN IP.