Re: [Full-Disclosure] Bad news on RPC DCOM2 vulnerability

• Previous message: Dave Korn: "[Full-Disclosure] Allchin bug p-o-c."
• In reply to: petard: "Re: [Full-Disclosure] Re: Bad news on RPC DCOM vulnerability"
• Next in thread: Florian Keller: "AW: [Full-Disclosure] Bad news on RPC DCOM2 vulnerability"
• Reply: Florian Keller: "AW: [Full-Disclosure] Bad news on RPC DCOM2 vulnerability"
• Reply: Florian Keller: "AW: [Full-Disclosure] Bad news on RPC DCOM2 vulnerability"
• Reply: Valdis.Kletnieks_at_vt.edu: "Re: [Full-Disclosure] Bad news on RPC DCOM2 vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: full-disclosure@lists.netsys.com
Date: Sat, 11 Oct 2003 01:28:40 -0700 (PDT)

why those *security* sites keep *exploits* online even when they know that this is an unpatched vuln !!!!
 
personnaly i'd like to test this exploit on my systems, but can't compile it
http://www.k-otik.com/exploits/10.09.rpc2universal.c.php
 
can anyone post the .exe please, to test our machines ...
 
Cheers.

petard <petard@sdf.lonestar.org> wrote:
On Fri, Oct 10, 2003 at 07:05:46PM -0500, Bobby Brown wrote:
> So I can "assume" no other information is posted, other than this site, to collaborate the RPC issue is not resolved or should we all try to translate this site using the helpful hints, which they are?
>
>
k-otik posted some similar if not identical code, corroborating (to a point anyway) its
effectiveness. (It most likely worked for one of them if they posted it.)

I suggest taking the linked code, compiling it (use MSVC7) and testing it to confirm
for yourself. Please test on a machine that's not connected to the internet, though :-)

HTH,

petard

---------------------------------
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

• Previous message: Dave Korn: "[Full-Disclosure] Allchin bug p-o-c."
• In reply to: petard: "Re: [Full-Disclosure] Re: Bad news on RPC DCOM vulnerability"
• Next in thread: Florian Keller: "AW: [Full-Disclosure] Bad news on RPC DCOM2 vulnerability"
• Reply: Florian Keller: "AW: [Full-Disclosure] Bad news on RPC DCOM2 vulnerability"
• Reply: Florian Keller: "AW: [Full-Disclosure] Bad news on RPC DCOM2 vulnerability"
• Reply: Valdis.Kletnieks_at_vt.edu: "Re: [Full-Disclosure] Bad news on RPC DCOM2 vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]