XeLoRy
Jul 2 2004, 11:25 PM
| CODE |
======================================
|                                    |
| MS04011 Lsasrv.dll RPC Auto Hacker |
|         (c) 2004 by cyrex          |
|               ENJOY!               |
\__ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ __/
This Auto Hacker is not for any abuse action ;) all rights provided by cyrex..
you know the rest of the shit..
Steps:
1. Which files does the auto hacker contain
2. What shit is what?
3. How to use?
4. Contact
5. !!!!! FAQ !!!!
---------------------------------------------------
1. check.exe, root.exe, lsass.exe
2 && 3.
check.exe: This program will check the results of scan.txt from scan100/500/1000.exe. We start the program with the following arguments:
c:\> check.exe scan.txt -t
Later, when it is finished, a new text file is created, named checked.txt. The information in this txt file looks something like this:
Windows 5.0 127.0.0.1
Windows 5.1 192.168.1.3
We see the first IP is Win2k and the second WinXP. It's time to use root.exe.
root.exe:
This program is our Auto Hacker ;) please DON'T DELETE checked.txt, this file is required for root.exe, else it won't work, and don't modify the file.
Just start root.exe without any parameter:
C:\lsass>root
======================================
|                                    |
| MS04011 Lsasrv.dll RPC Auto Hacker |
|         (c) 2004 by cyrex          |
|               ENJOY!               |
\__ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ __/
[*] Creating Auto Hacking File...
[*] Finished..
[*] Sleeping a while ....
The program creates a temp file which is needed for root.exe. The Auto Hacker generally uses a BINDSHELL, so if it stops at "Attacking..OK" for like 3 - 4 seconds, try to netcat to the IP on port 666: nc IP 666 !!! <- IMPORTANT
Once you connect to the server with nc, the autohacker exploits the next target ;) and you open a new netcat and connect again and again.
lsass.exe: This program is the main program ;) but modified by cyrex especially for the autohacker.. for more info just try to start lsass.exe.
4. try to find me, my name is cyrex
GREETZ to kids who use this pack and greetz to my friends
5. FAQ PLEASE READ FOR WIN2k USERS ONLY
Q: Why can't I run it on Windows 2000? A: if you want to use this root.exe too, just create a directory called
c:\WINDOWS\system32
and put in cmd.exe
|
Well, I love this autohax0r, but how can I use it on a remote box without going through radmin viewer or VNC (too lame)?? Because when I start check scan.txt -t in a netcat shell, I don't get an answer in the shell; the exe file is loaded in the process list, but it doesn't create any checked.txt.
Can anyone help me to exploit and autohax with this autohaxor on a remote box via shell?
Thanks a lot for all answers and advice.
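The README above describes a fixed post-exploitation pattern: the exploit is delivered to the target, a bind shell opens on TCP 666, and the operator connects to it with nc. That same pattern is what a defender watching connection logs would look for. The block below is an added example (not part of this thread and not from cyrex's pack): Python detection logic run over constructed connection-log lines. The log format, the sample addresses and the use of SMB ports 139/445 as the delivery vector are assumptions; only the bind-shell port 666 comes from the post.

```python
"""Flag the bind-shell pattern described in the thread: a connection to TCP 666
shortly after an inbound SMB connection to the same host.  The log format and
the sample lines are constructed for this example."""
from datetime import datetime, timedelta

BINDSHELL_PORT = 666            # port named in the README above
# Assumption (not from the page): the LSASS exploit is delivered over SMB/RPC.
DELIVERY_PORTS = {139, 445}
WINDOW = timedelta(seconds=120)  # how long after delivery a shell connection counts as linked


def parse_line(line):
    """Parse '<ISO timestamp> <src> <dst> <dport> <proto>'; return None for junk lines."""
    parts = line.split()
    if len(parts) != 5 or parts[4].lower() != "tcp":
        return None
    try:
        return {
            "ts": datetime.fromisoformat(parts[0]),
            "src": parts[1],
            "dst": parts[2],
            "dport": int(parts[3]),
        }
    except ValueError:
        return None


def detect(lines):
    """Return one alert per connection to the bind-shell port.

    Severity is HIGH when the same destination received an SMB connection within
    WINDOW before the shell connection (exploit delivery followed by shell access),
    otherwise MEDIUM (shell port seen, delivery not observed in these logs).
    """
    events = [e for e in map(parse_line, lines) if e]
    events.sort(key=lambda e: e["ts"])
    last_delivery = {}  # dst host -> (timestamp, source) of the latest SMB connection
    alerts = []
    for e in events:
        if e["dport"] in DELIVERY_PORTS:
            last_delivery[e["dst"]] = (e["ts"], e["src"])
        elif e["dport"] == BINDSHELL_PORT:
            hit = last_delivery.get(e["dst"])
            linked = hit is not None and e["ts"] - hit[0] <= WINDOW
            alerts.append({
                "severity": "HIGH" if linked else "MEDIUM",
                "victim": e["dst"],
                "shell_client": e["src"],
                "delivery_src": hit[1] if linked else None,
                "ts": e["ts"].isoformat(),
            })
    return alerts


# Constructed sample log: one linked exploit+shell, one shell with no delivery
# seen, one shell far outside the window, a normal web connection, and a junk line.
SAMPLE_LOG = [
    "2004-07-02T23:20:00 10.0.0.5 192.168.1.8 445 tcp",
    "2004-07-02T23:25:01 10.0.0.5 192.168.1.3 445 tcp",
    "2004-07-02T23:25:05 10.0.0.5 192.168.1.3 666 tcp",
    "2004-07-02T23:26:00 10.0.0.7 192.168.1.9 666 tcp",
    "2004-07-02T23:26:10 10.0.0.5 192.168.1.3 80 tcp",
    "scan finished",
    "2004-07-02T23:40:00 10.0.0.5 192.168.1.8 666 tcp",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The junk line mirrors the scan.txt problem reported later in this thread (extra text mixed in with the IP list): the parser drops anything that does not match the expected shape instead of aborting on it.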
RedShadow
Jul 2 2004, 11:44 PM
lsass is dead; Sasser and all the other lsass worms killed it.
XeLoRy
Jul 3 2004, 05:17 AM
not dead for me, I still have mass results in LAN scans

but could you help me plz?
slynx
Jul 3 2004, 06:35 AM
You know, it kind of hurts me every time someone says an exploit is dead.
Exploits don't die. Sometimes ISPs will block that port over the internet, but
that doesn't mean there aren't machines still vulnerable to it. Besides that, the lsass
overflow is an RPC exploit, and I'm surprised NetBIOS and the like was ever allowed
over the public internet.
Exploits like this are just as valuable now as they were when you saw the first
post on Bugtraq.... there are still just as many machines out there to exploit with
this. So what if you can't get SYSTEM on personal computers over the internet now?
It wasn't a server exploit anyway; it's not meant to be!
I still find about 1/2 of the machines scanned during penetration tests on corporate
networks to be vulnerable to the old MS03-026 RPC DCOM Buffer Overflow. About
3/4 with lsass. If this kind of a script isn't a good way to demonstrate poor security
practices, I don't know what is.
Sorry for my rambling, it's 1:30 am here and I've been sick all week.... just my
$0.02
FYI - I don't endorse script kiddies (which cyrex is obviously king of), but if you post
the files I may be able to help you with the nc shell issue, since that's more
universal than "how can i use this to pwn everyone on my subnet?"
And no, by "this kind of a script" I'm not referring to autohackers, just exploits ....
(although automated pen-tests like those in CORE IMPACT do indeed make life
a little easier...)
Sorry for the harshness of this post :/
G777
Jul 3 2004, 08:32 AM
Why don't you just write your own script?
I made a simple one for the hod sploit and it still gets results on internal scans.
Basically I execute the scan command via FTP site exec and when it's done I execute the autohack batch file from radmin's telnet.
It works great and all shells are forwarded to my IP.
However, you will get more results running it from the desktop on the remote machine and having the shells connect back there.
T3cHn0b0y
Jul 3 2004, 02:19 PM
The program probably won't run at SYSTEM level, so you need to execute it as a user with a proper user profile. You can do this with runas.
runas /user:Administrator [program]
Or better still, modify the properties of the service which cmd.exe is running under. Serv-U? Change the logon profile to a valid user on the box.
ANTITRUST
Jul 3 2004, 03:01 PM
Does Y have a bond to test the tools?
ShouiZen
Jul 3 2004, 03:41 PM
yep,
Where is the tool ?? XeLoRy
BBQ CD
Jul 4 2004, 01:06 AM
would be great if someone could serve the check.exe ... didn't find it yet!
blahplok
Jul 4 2004, 01:35 AM
thanks.... although lsass is dead, maybe it will be useful some day....
globey
Jul 4 2004, 12:16 PM
it's kind of a useless tool, most of the fast servers are patched against this hole, so this tool can help us.
but thanks anyway dude, nice tool.
ivan288
Jul 4 2004, 03:42 PM
it's not DEAD!!! try to scan a LAN at a uni, you'll get plenty of results.
XeLoRy
Jul 6 2004, 02:05 PM
| QUOTE (ShouiZen @ Jul 3 2004, 03:41 PM) |
yep, Where is the tool ?? XeLoRy |
check the topic on the forum, I can't post it a second time because it's still available on the forum, try the search engine...
forza
Jul 6 2004, 08:49 PM
Does anybody have a link to download?
dijk
Sep 7 2004, 08:24 PM
maybe a little late, but I found it on google:
| CODE |
http://ns2.elhacker.net/rojodos/exploits/aut0r00ter_final.rar
|
maydje
Sep 16 2004, 01:48 PM
Weird ... I d/l'd this yesterday to give it a go since lsass is definitely not dead ... when I tried the check.exe <filename> -t command I got this error:
===============================================
MS04011 Lsasrv.dll RPC OS Checker v1.1 by cyrex
===============================================
[-] gethostbyname : Operation not permitted
Anyone else run into this one?
maydje
Sep 16 2004, 03:30 PM
Problem solved. I removed the cygwin DLLs that are installed with the stripped-down metasploit cyg, and removed all extra text from the scan.txt file created by scan500.
alpha|beta
Sep 17 2004, 01:17 PM
| QUOTE (maydje @ Sep 16 2004, 01:48 PM) |
| [-] gethostbyname : Operation not permitted |
A possible WinXP SP2 issue perhaps? Ah, never mind, I just saw your reply. Enjoy.
IcedOut3E
Sep 17 2004, 10:37 PM
Yeah, just to add to that in case anyone else has that problem.
I only get that when there are other words in the scan.txt file. The scan.txt file needs to contain just IPs.
Hope that clarifies it.