mekros
This one could really be helpful sometimes if you know how to use it properly... anyway, for those who can't see the downloads section... here's pipeupadmin...
Be sure to check out the other files there, fochrissakes... there's a lot of them there...
maZer`-
QUOTE
//user="e" pass="asd#321"
unsigned char sc_add_user[]=
"\xEB\x10\x5A\x4A\x33\xC9\x66\xB9\x3E\x01\x80\x34\x0A\x99\xE2\xFA"


This exploit will create a user
tztrh
Nice one. I have tried this exploit and it looks promising.
thx!

btw. some say that there is a new tool (it has been distributed over some Chinese sites) that can grant access using the same methods as the blaster.F worm, and if I got it right you could get access even to computers that have been patched for the blaster worm
QuadMedic
I think it's on www.cnhonker.com or something, a real cool Chinese site

Just a question: once you have successfully exploited a dcom2, how and what do you use to connect to the machine?
mekros
netcat?
QuadMedic
It doesn't work here, telnet neither, also tried with dntu but nothing... maybe I'm putting the wrong port after the IP, which port do you use with netcat?
gekkegabber
Getting a "not a win32 application" msg??????
raptor
Finally, a frontend GUI for this exploit as kaht2 for rpc1 is out!!!
But I don't know where to find it!!!
could anyone help?
Nick
Don't know, I'm looking for it too, and also for this exploit compiled for WinXP, but I think I can dream a long time again
--Elite--
I can't compile the exp. code on my Linux box.
Was it a win32 code, or did you change it to work on win32, through cygwin...?

Anyway, I'm still looking for a fully working code for a Linux-based OS...
ZakOpath
w00t I'm gonna install Windows 2000 right now so I can use this
low_rider
thnx will try it
man-FIRE
[+] Prepare shellcode completed.
[+] Connect to 127.0.0.1:135 success.
[+] send 72 bytes.
[+] recv 60 bytes.
[+] send 1592 bytes.
[-] recv 40 bytes. Bad luck!


All time is Not GOod is oki?
r3L4x
ok i got a Target or or crash message, but how do i login as that user on the remote computer?
lasantarosa
[+] Prepare shellcode completed.
[+] Connect to 192.168.0.54:135 success.
[+] send 72 bytes.
[+] recv 60 bytes.
[+] send 1592 bytes.
[-] recv 40 bytes. Bad luck!


Why do I get this message on a host where I know that it is vulnerable? It's on my own private network and sure not patched! It's a win2k sp4 OS...

cya

p.s. anyone got the windows messenger exploit spawning a shell ?
HardcoreKiller
On a WinXP SP1a, using r3L4x's GUI tool, I was able to access and open remote shell on an unpatched system (prescanned with KB2 tool from MS or Foundstone). I then was able to FTP a NC client and run it on remote system.

Question-
Does anyone know how to create reset the ADMINISTRATOR PW on the local system account from the shell? I don't want to have to FTP a remote control client to the system if I do not have to.

Thank you,

-HK
hifil0wlife
r3L4x's GUI tool is for dcom1...
jetprice
Well, to be honest I'm really surprised that you guys are still trying to get this crippled code working. To me it's simple: wait for another exploit, a new one, one that exploits the bug but uses DIFFERENT shellcodes; as you can see these just don't work ... or rarely work.

I don't know what your drive is to keep editing crippled codes. I saw a reply about editing the shellcode. I think it's a good idea, but if I read the replies in here I would be really surprised if anyone in here is capable of writing up a new shellcode! Though don't feel offended, that is not my point...

greets
T3cHn0b0y
QUOTE (HardcoreKiller @ Oct 21 2003, 09:38 PM)
On a WinXP SP1a, using r3L4x's GUI tool, I was able to access and open remote shell on an unpatched system (prescanned with KB2 tool from MS or Foundstone). I then was able to FTP a NC client and run it on remote system.

Question-
Does anyone know how to create reset the ADMINISTRATOR PW on the local system account from the shell? I don't want to have to FTP a remote control client to the system if I do not have to.

Thank you,

-HK

net user administrator [newpassword]

and that's it!

...or if you want to add your own user then do this:

net user [username] [password] /add
net localgroup administrators [username] /add

simple.
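Added example, not part of the original thread or any poster's code: a defender-side check for the account changes described in the post above (a new local user followed by its addition to the local Administrators group, or a command-line reset of the built-in Administrator password), run over constructed process-creation records. The record layout, host and account names, and the 5-minute window are assumptions.

```python
import re
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # assumed correlation window
# net / net1, optionally with a path prefix and .exe suffix
NET = r"(?:^|[\\/\s])net1?(?:\.exe)?\s+"
USER_ADD = re.compile(NET + r"user\s+(\S+)(?:\s+\S+)*?\s+/add\b", re.I)
GROUP_ADD = re.compile(NET + r"localgroup\s+administrators\s+(\S+)\s+/add\b", re.I)
PW_RESET = re.compile(NET + r"user\s+administrator\s+(?!/)\S+\s*$", re.I)

# Constructed sample records: "<ISO timestamp> <host> <command line>"
SAMPLE = [
    "2003-10-21T21:40:02 WS-07 cmd.exe /c dir C:\\",
    "2003-10-21T21:41:10 WS-07 net user svc_upd Passw0rd! /add",
    "2003-10-21T21:41:25 WS-07 net localgroup administrators svc_upd /add",
    "2003-10-21T21:50:00 WS-12 C:\\WINNT\\system32\\net.exe user administrator Changed#1",
    "2003-10-21T22:15:00 WS-12 net localgroup Administrators helpdesk /add",
    "2003-10-21T22:20:00 WS-12 net user administrator",
]

def parse(line):
    ts, host, cmd = line.split(None, 2)
    return datetime.fromisoformat(ts), host, cmd

def detect(lines):
    """Return (severity, host, detail) findings in input order."""
    findings, created = [], {}  # created[(host, user)] = account creation time
    for ts, host, cmd in map(parse, lines):
        if m := GROUP_ADD.search(cmd):
            user = m.group(1).lower()
            born = created.get((host, user))
            if born is not None and ts - born <= WINDOW:
                # Create-then-elevate on one host inside the window
                findings.append(("high", host, f"new account '{user}' made local admin"))
            else:
                findings.append(("medium", host, f"'{user}' added to Administrators"))
        elif m := USER_ADD.search(cmd):
            user = m.group(1).lower()
            created[(host, user)] = ts
            findings.append(("medium", host, f"local account '{user}' created"))
        elif PW_RESET.search(cmd):
            findings.append(("high", host, "Administrator password set from command line"))
    return findings

if __name__ == "__main__":
    for finding in detect(SAMPLE):
        print(*finding)
```

Command-line matching only sees changes made through net.exe; on current Windows versions the same correlation can be driven by Security events 4720 (user account created) and 4732 (member added to a security-enabled local group), which also record changes made through the API.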
r3L4x
Remember, it's v2 of the DCOM1 exploit. Since I haven't found any shell code or scripts that were as reliable as some of the DCOM1 ones were, I haven't put the time into making a newer version.
gogu258
It doesn't work, simple.
HardcoreKiller
Thanks...I get lost in InfoSec land sometime.

The NET USE xxx commands work great with r3L4x's tool. Guess I'll stop and think to type NET USE /?...
At shell prompt, I was able to create local accounts, then access them through a NULL session.

Thanks!

r3L4x's V2 tool works Great!

-HK