I've tried it on a couple of ms03-039 patched w2k boxes and it didn't DoS the RPC service like it did on my w2k-unpatched box. Are you saying that you've gotten it to kill the RPC service on a ms03-039 patched machine (particularily, w2k)?
During my ms03-039 w2k tests, the exploit runs for several seconds then stops with a status of ~5000 but it doesn't kill the RPC. The reason I'd like confirmation is that my Microsoft corp contact told me that Microsoft, back in Redmond, said this exploit doesn't work on ms03-039... I'd like to confirm/deny this claim. Especially, since they haven't updated their sec bulletin on ms03-039 for this vulnerability. Any feedback from folks who have successfully gotten this exploit to work on a PATCHED ms03-039 w2k box would be GREATLY APPRECIATED!!! Thanks, WebHead ====================================================== This code doesn't work without shellcode. The simple version of a "battle" shellcode can be found here: http://www.SecurityLab.ru/_exploits/bshell2 (add user 'a' with pass 'a' in administrator group) You can change this shellcode as you need. On system with MS03-39 installed, this code only crash systems, because nature of new vulnerability is not known. See more: http://www.securitylab.ru/40757.html ----- Original Message ----- From: Mike Gordon To: [EMAIL PROTECTED] Sent: Monday, October 13, 2003 1:41 AM Subject: [Full-Disclosure] RE: Re: Bad news on RPC DCOM vulnerability A compiled version is found at http://www.SecurityLab.ru/_exploits/rpc3.zip But it seems to only crash systems. Does any one have a clean complile of the "better code" from http://www.cyberphreak.ch/sploitz/MS03-039.txt __________________________________________________________________ McAfee VirusScan Online from the Netscape Network. Comprehensive protection for your entire computer. Get your free trial today! http://channels.netscape.com/ns/computing/mcafee/index.jsp?promo=393397 Get AOL Instant Messenger 5.1 free of charge. Download Now! http://aim.aol.com/aimnew/Aim/register.adp?promo=380455 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
