Answered one of my own questions: (Thanks to http://www.ultrabac.com/kb/UltraBac_Help/UBQ_Articles_(FAQ_s)/UBQ000192.htm)
WSAECONNRESET Error Number: 10054 Connection reset by peer. A existing connection was forcibly closed by the remote host. This normally results if the peer application on the remote host is suddenly stopped, the host is rebooted, or the remote host used a "hard close" . -----Original Message----- From: Mike Gordon [mailto:[EMAIL PROTECTED] Sent: Sunday, October 12, 2003 9:44 PM To: 'Paul Tinsley' Cc: '[EMAIL PROTECTED]' Subject: RE: [Full-Disclosure] RE: Re: Bad news on RPC DCOM vulnerability I had better luck compiling the cyberphreak version (have since managed to compile several flavors), but it still only seems to DoS patched and unpatched systems. The code gets stuck in a loop and always produces error 10054. Any idea what that means? if(ft) { int i=0; while(1) //this seems to be an endless loop, till a error apears!! { if (send(sock,(const char *)buf2,len1,0)==SOCKET_ERROR) { printf("\nSend failed.Error:%d\n",WSAGetLastError()); return 0; } else { printf("\rStatus: %d",++i); } //Sleep(1000); } } -----Original Message----- From: Paul Tinsley [mailto:[EMAIL PROTECTED] Sent: Sunday, October 12, 2003 8:38 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] RE: Re: Bad news on RPC DCOM vulnerability Just out of curiosity could you specify why you consider the other one "better code?" The only real differences between the two are that they both "fix" the 'cs+=buf;' line differently which is kind of silly to bother fixing in the first place, considering the function that line of code sits on isn't even called so it should be commented out or deleted to start with. The only other real difference is one decided to use an int main and one uses void main. Well that and the SecurityLab copy breaks part of main with the 'if(argc!=2){' check, as it is meant to have two different modes of operation, one target or a class B. Mike Gordon wrote: > A compiled version is found at > _http://www.SecurityLab.ru/_exploits/rpc3.zip_ > But it seems to only crash systems. > > Does any one have a clean complile of the "better code" from > _http://www.cyberphreak.ch/sploitz/MS03-039.txt_ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
