mailing list archives
Re: [PEN-TEST] RDS exploit simulation
From: Johan Persson <johan () DEFCOM-SEC COM>
Date: Mon, 18 Sep 2000 18:26:48 +0200
this is what you need:
NT4.0 sp3 (with iis4.0)
iexploder4.01 (any higher version will fix the msadc bug)
----- Original Message -----
From: "Oliver Petruzel" <oliverpetruzel () EMAIL COM>
To: <PEN-TEST () SECURITYFOCUS COM>
Sent: Monday, September 18, 2000 5:14 PM
Subject: [PEN-TEST] RDS exploit simulation
my dearest pentesting compadres,
ok, im at a loss to determine why this isn't working right now, so i
will throw this out: Can somone..anyone! please list the exact
specifications for as simulation test of Rain Forrest's RDS exploit?
Starting with a naked system, what EXACTLY needs to be installed to get
a vulnerable MDAC and RDS services? All my previous attempts have
yielded safe systems. (uhg..and yes, I answered "yes" when it asked me
if I wanted RDS "on"...)
I have tried every IIS version/service pack installs/etc and still come
up with a non-vulnerable system. I have used this so many times in the
wild, it's hard to imagine what I'm doing wrong.
I need it for demonstration purposes (among 15 other demo'd exploits im
doing for the powers that be), and although the script is neato to watch
chugging away, it's all for nothing when it comes up dry!
Also, can anyone recommend a good pre-existing IMAP or POP vuln script
and simulation config?
FREE! The World's Best Email Address @email.com
Reserve your name now at http://www.email.com