If the guy did a pen test for his bank, was that internal or external? For sure I can crash everything inside the network..
I expect that a worm will develop there, no doubting in that. I am just not one for the sensationalism of these things. Yeah, it's expected, but wtf, why panic people? The patches are out there, have faith and trust in what you protect..

----- Original Message -----
From: "morning_wood" <[EMAIL PROTECTED]>
To: "mobly99" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Saturday, August 02, 2003 7:59 PM
Subject: Re: [Full-Disclosure] RE: possible MS03-026 worm?

> funny.. i had traces and warnings about this for a while now...
>
> http://exploit.philez.com/attack/RPC-DCOM-DD0S-attack.txt ( relocated www.exploitlabs.com files )
>
> http://nothackers.org/pipermail/0day/2003-July/000140.html
>
> http://nothackers.org/pipermail/0day/2003-July/000143.html
> http://nothackers.org/pipermail/0day/2003-July/000154.html
>
> this was when the world said.. umm
>
> http://nothackers.org/pipermail/0day/2003-July/000146.html
> and I quote
>
> "hi !
> i did a pentest for a bank in order to verify the RPC attack consequences !!
> .. It's the biggest attack .. I broke into many servers and also crash many others !!
> I think 95% of the windows infrastructure was under control in less than 2 hours !!
>
> so, morning_wood was RIGHT !"
>
> guess ppl should listen to me instead of waiting for @steak (sic) to read my postings.
>
> etc etc
>
> Donnie Werner
> co-founder e2-labs
> [EMAIL PROTECTED]
>
> ----- Original Message -----
> From: "mobly99" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Saturday, August 02, 2003 11:03 AM
> Subject: [Full-Disclosure] RE: possible MS03-026 worm?
>
> > I forwarded the files I found to neohapsis and securityfocus.
> > I'm not equipped with the knowledge to disassemble the code hopefully they can shed some light.
> >
> > The rpctest.exe appears to determine the remote system's OS and spawns a shell, which you can then telnet to.
> >
> > Tftpd.exe is this tftp server : http://www.hanewin.de/e-tftp.htm
> >
> > Worm.exe is a SFX that has rpc.exe tftpd.exe and rpctest.exe in them, extracts and launches them....
> >
> > -Dave Hopper
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
