Re: Command Line RPC vulnerability scanner?

From: Thorsten Holz (thorsten.holzat_private-aachen.de)
Date: Mon Aug 04 2003 - 11:47:23 PDT


    On Mon Aug  4 11:08:42 2003 Jay Woody wrote:
    
    > I have seen 135, 137, 139, 445, 80/443 (any IIS box with COM Internet
    > Services installed is what dlimanovat_private reported) and also
    > according to dlimanovat_private any machine that has RPC over HTTP is
    > exploitable on 593 tcp/udp as well.  I could swear that I even
    > remember seeing 4444 in one person's e-mail now, but I can't find it
    > to attribute it.  Sorry.
    
    dcom.c binds a shell on port 4444 - probably you saw this email...
    
    Just my 2 cents,
      Thorsten
    
    
    


