[Full-Disclosure] RE: which DCOM exploit code are they speaking about here?

From: Xie Chun Yan, Sherman (ccexies_at_nus.edu.sg)
Date: 09/17/03

    To: "Jerry Heidtke" <jheidtke@fmlh.edu>
    Date: Wed, 17 Sep 2003 20:16:15 +0800
    
    

    Just to clarify a bit, to my knowledge this screen shot is taken from an
    exploit for MS03-026. It's not for MS03-039. It was an internal version
    developed by a security company in China. Correct me if I am wrong.

    This http://www.k-otik.com/exploits/09.16.MS03-039-exp.c.php is by eyas
    (he is a member of xfocus.org, same as flashsky). It's the first public
    exploit for MS03-039 I've seen.

    If you've seen references to other exploits, care to share?

    Regards,
    Sherman

    -----Original Message-----

    The exploit at http://www.k-otik.com/exploits/09.16.MS03-039-exp.c.php
    is rather limited. It only creates a local administrator account named
    "e" with a password of "asd#321". But, it only works against Windows
    2000 (English) with SP3 or SP4, if it works at all.

    ==========================
    I've seen references to other exploits out there, along with some source
    and executables, including one that is much more capable. It allegedly
    works against all SP and language versions of both Windows 2000 and XP.
    It gives access to a command shell that has Local System rights, and
    might easily be modified to work as part of a universal worm package.
    Remember that Blaster and Welchia/Nachia both had to "guess" whether
    they were attacking W2K or XP. This new exploit works either way.

    Here's a link to a screen shot of it:

    http://haiyangtop.533.net/1.jpg
    ==========================

    Rather than a sleeping bag, a one-way ticket to a nice uninhabited
    island sounds better.

    Jerry

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

