I've tested 4 different boxes with different SPs / XP and I've never had it reboot ever since I found/changed to use a universal offset. Why this is I'm not sure, but everyone else appears to have machines reboot.

-wire

On Fri, 01 Aug 2003 12:51:21 -0400 Barry Fitzgerald <bkfsecat_private> wrote:
>As an FYI:
>
>I've recently been testing dcom.c for pen testing on my network and the Windows 2000 SP3 and SP4 boxes that I was able to penetrate did not reboot after exiting from the shell. I was using the dcom.c that H D Moore released (based on Flashsky's code) via a cygwin environment. Therefore, not having the system reboot, in my mind, is not a sign that an exploit did not take place.
>
>Now, there could be a matrix of different patch levels that could cause the system to reboot or not reboot. Who knows why we're getting different results...
>
>Is anyone else on the list seeing that at least some of their target systems are not rebooting after executing this code?
>
> -Barry
>
>morning_wood wrote:
>
>>could be... but .. they are two separate issues,
>>if the box rebooted it's a sign it was rpc-dcom, if not.. probably just a pop-up
>>
>>wood
>>
>>----- Original Message -----
>>From: "Peter Fry" <pafat_private>
>>To: <incidentsat_private>
>>Sent: Thursday, July 31, 2003 10:54 AM
>>Subject: RPC DCOM exploit
>>
>>>We had what looks like an exploit for this vulnerability go around our office network and only one machine was (seriously) affected. Someone managed to get the machine to start spamming random IPs with what looked like the exploit, sending out about 700 RPC pings per second. About the same time, we had a NET SEND message pop up on our windows boxen advertising www.freeautobot.com.
>>>Could this be a new tactic to propagate their spamulous message prompts?
>>>
>>>Peter
This archive was generated by hypermail 2b30 : Fri Aug 01 2003 - 11:50:15 PDT