-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I also ran it on an XP machine (Pro) that was up to date except for the latest patch for RPC and it worked perfect. Telnet to port 4444 and had a shell, then as soon as I typed "exit" the host shutdown and rebooted. Stu - -----Original Message----- From: Christian Kieft [mailto:christianat_private] Sent: 30 July 2003 17:16 To: Jeff Adams Cc: incidentsat_private Subject: Re: Exploit for Windows RPC may be in the wild! On Tue, Jul 29, 2003 at 01:09:33PM -0400, Jeff Adams wrote: > It seems as though the success rate on un-patched machines is > not 100% On un-patched machines I was getting it to work maybe 60 > to 70% of the time. I tried a few XP machines (patched up-to-date except the patch for this RPC hole) and it didn't work perfectly - the daemon simply crashed and XP rebooted. chr - ---------------------------------------------------------------------- - ----- - ---------------------------------------------------------------------- - ------ -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.2 iQIVAwUBPyh5AZMRMj30dWmZAQL5oRAAgFqBWmrzRSWoR+g92qmS9UbbtnDnqGW5 yYwYBwjtwyKxHavqTO0FN8n0Jbjv2WQAmq4tFK/scqIa6RSW3kAz8wwkA6K6O7Lf zYTdOHVvgIs9IoqlGNeIP+43fzvbnGefXyt2A4J5BIe3FKocCPfQlQhip5z0pPt9 aYkWx89HJKjDA5WSQMkxlPO1ODFvnftWPGzpvQhRC1c+22CqvDlptLN63npEjD72 LO+nRRMJ0MaR5OLvUYLNQRRGSP1Yyl4F2QqVsF+ubBABsTdRH9nfoGGonCPjI7so DV5Jg0NX6s9WKSdQrNeLAR8NVj1PbqKqdQmWYGLMFRtn4i2xcWAWWvzGgOB5578k 4F0rt0DgOfXX+Jx957xS2aRBer/MeLd5YcfIkACHevT0mWgD9IX0CfZm931+82ye lYQ78LzIcz+dP2wb5ZhGCH1s2fp3qQDJIr0Av17yeaIYIDQiuFonNzYyPgCNHHv2 Pprfk4OD2GMcXctJo8kzJ9diXET3o4SCnZ3D1NfhO97jk4X/6cm0PJwqS32cHJJz FC/7YGjUAbEq9vjosv//7uJR+VfJ/3pcE04mt6zKkdfwMoOhx2qV48Z8n7vIQEeq LddobUH83lh5rDyxVF+ZtslkfdRYpAwe+SIKda0GipYCBQV7JeEA0JJZjCAI2YPw Qe7abVwBEL8= =c7BI -----END PGP SIGNATURE----- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Thu Jul 31 2003 - 07:51:29 PDT