raptor
I finally found working dcom2 exploit !!!

here is following the exploit and the scanner !!!

(that's not the one that wasn't working !)
a buddy of mine modified it so it really creates administrator account "e"

(please compile it for windows cause many friends ask for it !!!
works perfect anyway on suse 7.2 !!!)
StreetZone_
Ok , Thx , Will See If It Works , Thx Alot For The Tool ........

EDIT : Plz Note That It Isn't Compiled.......
raptor
---------------------------------CAUTION!!!------------------------------------
----------------------------------------------------------------------------------
This is source file for C on linux OS !!! (works in win i think)
(cause i used win headers in linux!!!) i use wine emulator !
----------------------------------------------------------------------------------
----------------------------------------------------------------------------------
crackie
sb pls compile scanner !
Rampage
mhmh a linux code?? with winsok.h as an include file??
sounds strange :)
anyway compiled in windows
raptor
send me the compiled versions for windows please !!!
some buddies want these !!!
toscana@otenet.gr
Inoculation X
Exploit compiled in windows, no success as of yet.
crackie
ahhhhh DUDES ! we need correct scanner ! it filters real vuln ips out and give them out ! xfrpcss shows ips that are not vuln so pls someone compile the scanner !
Inoculation X
I'm using the eEye RPC MS03-039 scanner
thatsmej
QUOTE

MS03-039 RPC DCOM long filename heap buffer overflow exp v1
Base on flashsky's MS03-026 exp
Code by ey4s<eyas#xfocus.org>
2003-09-16
Welcome to http://www.xfocus.net
Thanks to flashsky & benjurry & Dave Aitel
If success, target will add a user "e" and password is "asd#321"

this is just the old exploit
and this is NOT linux code...

Certox
The guy who posted it said his buddy mod. it to actually work... so who knows...
Vosgia
the exploit is from the 16th september but the scanner looks very interesting :)
maybe better than the ms shit
raptor
this code compiled ok for linux !
of course i use more headers than provided by OS (i entered win headers too)
also it is xploit for dcom2 and not old one !
it creates accounts with username "e"
i sploited a remote server 212.205.12*.** can't say more

if someone has the xploit compiled for win and the scanner too please send me to :
toscana@otenet.gr cause a friend of mine requested this !
thanx men i hope this helped !
also the cheat is that you try exploit not really vulnerable systems !!! (look 4 posts before !!!) that's the solution!!! (crackie told the solution!)
Hyp3r
I have compiled The Code!
raptor
guys just found !!!
this exploit uses shellcode for win2000 with sp3 and sp4
so that's why it doesn't work for xp!!!
someone change the shellcode?
(sorry for the inconvenience! but when i sploited the system 212.205.12*.**
i was happy and wanted to share this info!)
so now we need someone to modify source for win xp!!!
eddy
someone can post scanner plz :D
arhamz
rpc is back....yahoo.... man i need a scanner if possible.... cant compile it .... wat compiler u guyz use ?
Vosgia
what's with the scanner ? has anyone checked it?

ps: damn i must go sleeping :D
arhamz
ill do anything for the scanner .... someone help :( ... my compiler wont compile shit ...
Hyp3r
hmm only win2k.....
have you a "win2k machine scanner" ? ^^

Hyp3r
Here the Dcom v2 scanner

Grezz
Hyp3r
arhamz
many many many thanx to all who helped dcom2 to actually work ... thanx all u coders for all ur hard work for this :) ....
canadianthug
Has anyone compiled the exploit ?
Certox
Can anyone post what it says when u are successful. And also does the user it adds have admin rights?
sattete
Thanks for sharing!! kisses!! now we only try to compile with winxp ;)
Certox
[+] Prepare shellcode completed.
[+] Connect to ------------------:135 success.
[+] send 72 bytes.
[+] recv 60 bytes.
[+] send 1592 bytes.
[+] Target crash or exploit success? :)

..................... :unsure: :unsure:
sattete
For me it's the same

[+] send 72 bytes.
[+] recv 60 bytes.
[+] send 1592 bytes.
[-] recv 40 bytes. Bad luck!

tried 100 hosts with VULN
sattete
QUOTE (Certox @ Sep 17 2003, 11:13 PM)
[+] Prepare shellcode completed.
[+] Connect to ------------------:135 success.
[+] send 72 bytes.
[+] recv 60 bytes.
[+] send 1592 bytes.
[+] Target crash or exploit success? :)

..................... :unsure: :unsure:

you connect then :D ?
Certox
ok, so how do we do things with the user name... ? what is the point of it being made?
el3ment
:P doesn't sound like an admin account to me hehe
arhamz
didn't work for me either ( if that's the compiled one which someone posted :( )
Certox
no it works, works perfectly, only u cant do anything with the user name it makes.
arhamz
can someone add " net localgroup administrators e /add " to the code some how ? that would help ALOT ...... dont know how to do that ( i shouldve learned c instead of java )
mrfastass
QUOTE (Certox @ Sep 18 2003, 12:03 AM)
ok, so how do we do things with the user name... ? what is the point of it being made?

well i'll tell u what i do:

i love those servers with "Terminal Service - Remote Desktop Enabled". coz i got a shell-like thing...

anyway im still looking 4 a hackable server so i didnt test it, but im almost sure that this is the purpose of the user..

i dont do Serv-u, i love 2 get the "full-on" shit ;P
The watcher
well seems that it works for some Os , will need to try it out :) and c what we can do with the current rights ;)

thx for sharing and compiling guys :lol:
mrfastass
damn soooooo many
"[port closed]"

im so madddd about the a$$hole who made the msblast... that was such a BAD idea. he's soooo idiot..

anyway if i get a msg that its vuln, it still doesnt work... so, hehe
=k3Rn=
hm i found many vuln servers when scanning.
but when trying to exploit em, i always get the following echo:

[+] Prepare shellcode completed.
[+] Connect to 212.***.***.***:135 success.
[+] send 72 bytes.
[+] recv 60 bytes.
[+] send 1592 bytes.
[-] recv 40 bytes. Bad luck!

=/
mrfastass
Address Status
194.80.225.255 [port closed]
194.80.225.254 [VULN]
194.80.225.4 [ptch]
194.80.225.9 [ptch]
194.80.225.1 [port closed]
194.80.225.252 [port closed]
194.80.225.253 [port closed]
194.80.225.64 [port closed]
194.80.225.65 [port closed]

all get "Bad Luck"... so, or im a very unlucky guy ;P or there's something (filtered) up with the exploit ?
Certox
ok... The exploit is fine, is not un-natural to go through 100s of IPs before u get a true VULN Ip... I have done well over 10 now. the exp does give the user "e" Admin rights, as soon as someone make this exploit bindshell or net localgroup Administrators e /add

I dont see anyone getting newhere with this :( I hope someone can figure something. I am trying to find out how to code the net localgroup command if/when I get it I will post... just hope someone beats me to it :P
arhamz
someone edit this code more to bind the shell... use the shell code from
QUOTE

http://www.metasploit.com/shellcode.html

or sumthing .... just make the thing work .... plz .... :) (dying to get a shell )
][no0b][
first thx a lot guys !

a) so many ppl r so crazy to get dcom2, but it would be not so easy as dcom1
b) and so many script kiddies will hack and most of them dont understand the simplest dos commands ...

what should i say ...

the best thing in the last time was to change to lnx
( there r not so many noobs )


greetz and
have a nice day
raptor
Guys !!!

I don't believe what i just read !?!
it can't be you !

you get an account on a remote system (no admin rights) and you think the code needs modification?

that's terrific!
but why?
there are lot of exploits and programs making a guest or any user (restricted)
to get admin rights !!!

it's just like when you get a guest shell on a linux system!
after that there are a lot of ways to become root !!!
don't take the hard way !!! (rewriting exploit !!!)

i hope this helped you !!!
sattete
mmmmmh this recompiled exploit doesn't seem good for me , I use the original ....
Rampage
so it's not enough to add a new target in the target list to make it work?? a new shellcode is required?
raptor
no!
nothing is required to be done !!!
this exploit gives us an account on any remote vulnerable target running win2k sp3,sp4
after that we can use other exploits to make this account root!!! (administrator privileges !!!)
use pipeuadmin and other are great!!!

the only thing should be done is make the code works for winxp (now only win2k is working)
and maybe for win2k3

i'm waiting for new posts with the new exploits modified !!!
Elftor
Thanks for this tool. :)
Certox
If you have such a tool you should post it. Everyone needs that kind of tool. Getting Admin Rights, from user/guest would be great.
dinox
:o .....what the F**K

can not success....why? can work at xp?
Anarchy
its a good tool!
u can recompile it when u get the SEH & JMP with the other OSs
raptor
pipeuadmin is somewhere in the download area!!!

also tools like this can be easily found !!!

(search anywhere! it will find this!)