Full Disclosure: RE: RE: Re: Bad news on RPC DCOM vulnerability

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

RE: RE: Re: Bad news on RPC DCOM vulnerability

From: "Mike Gordon" <sigpizbguy () hotpop com>
Date: Sun, 12 Oct 2003 21:43:31 -0500

I had better luck compiling the cyberphreak version (have since managed to
compile several flavors), but it still only seems to DoS patched and
unpatched systems.  
The code gets stuck in a loop and always produces error 10054.  Any idea
what that means?

 if(ft) 
         { 
              int i=0; 
              while(1) //this seems to be an endless loop, till a error
apears!! 
              { 
                   if (send(sock,(const char *)buf2,len1,0)==SOCKET_ERROR) 
                   { 
                        printf("\nSend
failed.Error:%d\n",WSAGetLastError()); 
                        return 0; 
                   } 
                   else 
                   { 
                  printf("\rStatus: %d",++i); 
                   } 
                   //Sleep(1000); 
              } 
           
         } 

-----Original Message-----
From: Paul Tinsley [mailto:pdt () jackhammer org] 
Sent: Sunday, October 12, 2003 8:38 PM
To: mike () michaelgordon com
Cc: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] RE: Re: Bad news on RPC DCOM vulnerability


Just out of curiosity could you specify why you consider the other one 
"better code?"  The only real differences between the two are that they 
both "fix" the 'cs+=buf;' line differently which is kind of silly to 
bother fixing in the first place, considering the function that line of 
code sits on isn't even called so it should be commented out or deleted 
to start with.  The only other real difference is one decided to use an 
int main and one uses void main.  Well that and the SecurityLab copy 
breaks part of main with the 'if(argc!=2){' check, as it is meant to 
have two different modes of operation, one target or a class B.

Mike Gordon wrote:

A compiled version is found at
_http://www.SecurityLab.ru/_exploits/rpc3.zip_
But it seems to only crash systems.

Does any one have a clean complile of the "better code" from
_http://www.cyberphreak.ch/sploitz/MS03-039.txt_




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

By Date By Thread

Current thread:

RE: Re: Bad news on RPC DCOM vulnerability, (continued)
- RE: Re: Bad news on RPC DCOM vulnerability Dimitri Limanovski (Oct 10)
- RE: Bad news on RPC DCOM vulnerability VigilantMinds Security Operations Center (Oct 10)
- RE: Re: Bad news on RPC DCOM vulnerability Mike Gordon (Oct 12)
  - Re: RE: Re: Bad news on RPC DCOM vulnerability Paul Tinsley (Oct 12)
    - RE: RE: Re: Bad news on RPC DCOM vulnerability Mike Gordon (Oct 12)
  - Re: RE: Re: Bad news on RPC DCOM vulnerability Alex (Oct 12)
    - RE: RE: Re: Bad news on RPC DCOM vulnerability Brett Moore (Oct 14)
- RE: RE: Re: Bad news on RPC DCOM vulnerability Mike Gordon (Oct 12)
- Re: RE: Re: Bad news on RPC DCOM vulnerability webheadport80 (Oct 13)
- RE: RE: Re: Bad news on RPC DCOM vulnerability Schmehl, Paul L (Oct 13)