[nuorder]

based off
www.k-otik.com/exploits/07182004.ms04_022.cpp.php
and
www.microsoft.com/technet/security/bulletin/MS04-022.mspx

Quote

//*************************************************************
// Microsoft Windows 2K/XP Task Scheduler Vulnerability (MS04-022)
// Proof-of-Concept Exploit for English WinXP SP1
// 15 Jul 2004
//
// Running this will create a file "j.job".  When explorer.exe or any
// file-open dialog box accesses the directory containing this file,
// notepad.exe will be spawn.
//
// Greetz: snooq, sk and all guys at SIG^2 www security org sg
//
//*************************************************************

compiles fine under lcc which you can get here www.cs.virginia.edu/~lcc-win32/

Attached File(s)

•  ms04_022.rar (4.74K)
  Number of downloads: 265

[Ecko]

thx 4 compiling :D

[Zimmergren]

Nice one.
Got any good ideas on howto use this exploit?
I want to test it at work (where I'm admin) to see what it can do. I want a real badass :P

[Serhat]

I already installed the newest patches etc.. and it crashed explorer here :)

Serhat

[illwill]

no worky for me.. not sure if i was already patched too lazy to look

[Zimmergren]

It didn't work here either mate.

[nuorder]

works on an unpatched system
doesnt work on a patched system
and make sure task scheduler is running

[JDog45]

nuorder, on Jul 19 2004, 03:35 AM, said:

and make sure task scheduler is running

ah that's the key, because I had no luck with it on my network... :huh:

[=k3Rn=]

Would be a really nice new exploit !

But this one is only a proof of concept code.
It would be great if someone could mod it so that it spawn a shell ! =)

Greetz
=k3Rn=

[mortello]

Its already done....you already posted in 3 other threads about it....just wait for someone to compile it, or compile it yourself using the tips from other users (check the scriptgod thread).

[=k3Rn=]

ok, i'll try to compile it and then i'll have a look at it ...

do you have any experiance with it? does it work?

[mortello]

Scriptgod coded one, ask him, I'm not interested into trying that...I patched my computer....but I know people made it work, so I guess its functionnal.....also there is a compiled exploit on illwill's site if you want it...