Government Security
Network Security Resources


Rpc Dcom2 / Messenger Service Exploits

- - - - - security windows scanner exploit
16 replies to this topic

#1 Guest_tte_*
  • Guests

Posted 17 October 2003 - 04:29 PM

I think it will be most welcomed to have some proof of concept codes for these...

first the dcom2 exploit, which we have seen few broken codes lurking, and I personally never got to see a working exploit for the dcom2 (universal).
I think you have some information regarding the exploit, and most important exploits which already work (and should work ones) but only for specific versions of windows/service packs, so inspecting the offsets shouldn't be too hard of a work.

second, the messenger service exploit, I believe this one deserves a bit more research, but well worthy... inspecting the scanner xforce released might help.

Please consider it... I believe we have seen way too many port/banner scanners (superscan3 is good enough), professional security scanners (retina does the job), and lan compromising utilities (Cain anyone?), so we don't need to reinvent the wheel.

#2 boshcash

    Staff Sergeant

  • Sergeant Major
  • 461 posts

Posted 18 October 2003 - 03:14 AM

u r right, all rpc2s are just DoS, and the messenger service already now has TWO scanners, the one u mentioned and retina scanner is released now

#3 VincentVega

    Private First Class

  • Members
  • 46 posts

Posted 18 October 2003 - 05:01 AM

But still no proven code or exploit made public...

Is it advertised anywhere, this messenger hole? If we only had a working exploit now.... Bling Bling!!!

The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.


It can not be too hard to code an exploit tool :rolleyes:

#4 shaun2k2

    Staff Sergeant

  • Sergeant Major
  • 348 posts

Posted 18 October 2003 - 07:16 AM

Most of the exploit codes released are deliberately fractured so that idiots cannot run them without a tiny amount of knowledge. Don't worry, the exploits can easily be fixed to work - it may be you who is using them wrong, not broken code as such.

I don't think writing an exploit code is really a "software project", it's just a waste of time. What's the point in writing exploit codes anyway? Real pieces of software like sec. scanners are a lot more worthy of time than exploits are.

Agree or disagree? If enough people want the exploits, we'll write them.


-Shaun.

#5 Guest_tte_*
  • Guests

Posted 18 October 2003 - 06:52 PM

It appears to me that what 90% of the visitors and members of this site and forums are looking for are the exploits. There are already plenty of general security scanners, port scanners, etc. You can see yourself that the threads getting the most attention and replies are (new) exploit related, and exploit scanners. Maybe the reason you don't see many comments on the topic here is because they are all checking the Exploit Research & Discussion, and File Downloads forums most of the time, searching for the above (the numbers say that alone) :)

Anyhow, I personally, and probably representing many others, don't have any use for another version of the same type of program or concept you may come up with. As much as I have respect for your work, and I do respect it!, unless you introduce a new concept or new useful ideas, I won't have much use for what I already have.

Finally, I'd still welcome any work that might come up from the team, and wish I could help myself, but I never went on to study programming beyond Pascal in high school ;)

#6 shaun2k2

    Staff Sergeant

  • Sergeant Major
  • 348 posts

Posted 19 October 2003 - 01:35 AM

So, basically, you want us to write exploits for you? I personally consider it pretty lame to ask people to write exploits, because you want them. May I ask WHY you want the exploit?

Finally, I'd still welcome any work that might come up from the team, and wish I could help myself, but I never went on to study programming beyond Pascal in high school ;)

That's no reason not to learn. I've never done any programming in school, I'd be buzzing if my school offered programming lessons to people. That, to me, seems like an excuse. Sure, I'd be happy to write exploits as a PoC code if I discovered the vuln, or the vuln was very recent, but it seems to me like you just want us to write it so you can "r00t" some boxes.

Still, if people want it, we'll write it. I wanna see some more posts in favour first though...


Thank you for your time.
Shaun.

#7 intranet

    Private

  • Members
  • 12 posts

Posted 19 October 2003 - 08:44 AM

Personally, and please take this only for what it's worth, but I would be interested in seeing exploits written, but if possible in a forum so those interested in what's going on in there can learn from their creation.

Rather than just having exe's or source posted, maybe someone(s) could walk some of us interested through the creation process, maybe even in how they are discovered.

I have very limited programming knowledge, perl, some basic assembly (was focused), bash and the like. But would be very interested in learning what I can.

Just my 2 cents

#8 shaun2k2

    Staff Sergeant

  • Sergeant Major
  • 348 posts

Posted 20 October 2003 - 07:52 AM

Well, see, what I'm trying to say is that I would be happy to write exploits for the vulnerabilities you guys mention, along with the other team members, but it seems like you want them for selfish reasons. These projects are supposed to enhance the image of GSO, make this great place receive recognition for the great place that it truly is, the recognition it deserves.

Seriously, releasing a "sploit" on bugtraq without an advisory (e.g. you didn't discover the vuln) looks pretty lame. It seems that people are only wanting us to write the exploits for your own purposes, so you can indeed "r00t" a box in which you certainly don't fuking belong.


ComSec, GSecur, may we have your input on this? I'd *love* to hear what you want the team to write? :)


-Shaun.

#9 intranet

    Private

  • Members
  • 12 posts

Posted 21 October 2003 - 08:46 AM

I'm sorry if I didn't come across clearly, I in no way was asking for someone to code a "ploit" for me to use to root a machine outside of my own, I honestly have no use for a root or other shell on a remote (or local for that matter) machine that I am not permitted to.

I am interested in this the same way I was interested in learning some basic assembly and the like involved in sc programming. That I was taught in a similar environment, with knowledgeable users such as yourselves who got together to walk people through the background of the creation process and the creation process itself. No working code was ever posted at any time; if you took the time to learn what they were teaching, creating working code was up to you. You got all the information you needed to understand what was going on and why sc's security features were bypassable. Any of us could have gone to public sites to download sc fixes; the point in being there was to learn. This project did produce what many considered to be one of the best concepts in sc fixes (I played no part in the actual creation, I was learning what they were teaching as they went). So anyway, the point I was slowly getting to was while being geared toward teaching, they were able to produce a very high quality finished product, which btw - was never posted in full. No copying and pasting from the board could have created the fix. I also never use the fixes, but it sure was interesting to learn how it worked.

If that was not the intent of this thread, I am very sorry as I misunderstood. I didn't mean to give the impression that I was begging for code, I'm really not.

I do believe I made certain assumptions about the software project that I should not have. I viewed it as a "teaching project", I can't even say I know for sure why I made that assumption. Writing working code and posting it here for us is really not what I was asking for, and again I apologize if it came across that way.

__________________

intranet

#10 Dillinja

    Specialist

  • Sergeant Major
  • 1,014 posts

Posted 21 October 2003 - 09:43 AM

I do believe I made certain assumptions about the software project that I should not have. I viewed it as a "teaching project", I can't even say I know for sure why I made that assumption


While slightly off the mark in regards to the purpose of this project, and what we hope can be achieved, there's no reason for you not being able to learn from the process.
All the main players on this project have all shown themselves to be very helpful and all can supply answers to any queries you might have as the project progresses. In fact, I've seen some of the most informative and insightful posts from these guys in reply to coding and coding process questions.
In other words, ask questions and learn from the answers. :D

#11 shaun2k2

    Staff Sergeant

  • Sergeant Major
  • 348 posts

Posted 21 October 2003 - 10:16 AM

Okay, I have a better idea in that case - the team (gan_gr33n, woutiir and me and whoever else) can produce a paper explaining in a bit of detail how to design and write an exploit. How does that sound?

We'll have a poll for what people want the most. Something realistic and useful would be cool. :)

I'll start the poll...


-Shaun.

#12 Guest_NeO``_*
  • Guests

Posted 23 October 2003 - 01:37 PM

yeah I think it's a better idea than posting aut0haxor ....

#13 Travis

    Specialist

  • Sergeant Major
  • 2,101 posts

Posted 23 October 2003 - 04:50 PM

ComSec, GSecur, may we have your input on this? I'd *love* to hear what you want the team to write? :)

I'm not either but I can definitely see you having a point there... depending on the situation but I would much rather have a piece of software that can be distributed with the sense that people will come to GSO for their ideas and knowledge and ours on the other hand meaning something that will last... sure you can create exploits... but making a security scanner or anything can be well said in the sense of a "GSO Introduces... the new whatever whatever Version .1 .2 .3" get my drift?

Good point Shaun, well taken, and I can see where the idea that exploits would somewhat bring a large skiddie population here...
Just my .02$.
--dissolutions

#14 gman24

    Specialist

  • Sergeant Major
  • 643 posts

Posted 23 October 2003 - 07:11 PM

Most of the exploit codes released are deliberately fractured so that idiots cannot run them without a tiny amount of knowledge. Don't worry, the exploits can easily be fixed to work - it may be you who is using them wrong, not broken code as such.

I don't think writing an exploit code is really a "software project", it's just a waste of time. What's the point in writing exploit codes anyway? Real pieces of software like sec. scanners are a lot more worthy of time than exploits are.

Agree or disagree? If enough people want the exploits, we'll write them.


-Shaun.

Hmm, lol. I should have known when people had working versions but the return 0; was missing. It's actually a good idea. I posted a compilable version of one though, sorry about that. I will refrain from doing that in the future.

#15 shaun2k2

    Staff Sergeant

  • Sergeant Major
  • 348 posts

Posted 26 October 2003 - 02:28 AM

Yeah, thanks dissolutions. Nobody wants to visit GSO because we can write "sploits".


-Shaun.
