[30954] in bugtraq


Re: DCOM RPC exploit (dcom.c)

daemon@ATHENA.MIT.EDU (sk@scan-associates.net)
Wed Jul 30 13:50:11 2003

Date: 29 Jul 2003 03:50:49 -0000
Message-ID: <20030729035049.22037.qmail@www.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: <sk@scan-associates.net>
To: bugtraq@securityfocus.com

In-Reply-To: <20030727025321.64988.qmail@web11001.mail.yahoo.com>

>One glitch is that the exploitation is not very
>stealthy. All RPC/COM based functions stop working
>completely after exploitation and fail to heal until
>the machine is restarted. Many of these functions are
>quite visible and easily noticeable (drag&drop,
>clipboard, property sheets, etc., for example). This
>happens without exception.

If the shellcode exits via ExitThread(), RPCSS will not die, everything 
rocks as usual, and you can run the exploit over and over again.

sk
