In vstudio command prompt: mk.bat
next: attach debugger to services.exe (2k) or the relevant svchost (xp/ 2k3/...) net use \\IPADDRESS\IPC$ /user:user creds die \\IPADDRESS \pipe\srvsvc In some cases, /user:"" "", will suffice (i.e., anonymous connection) You should get EIP -> 00 78 00 78, a stack overflow (like a guard page violation), access violation, etc. However, in some cases, you will get nothing. This is because it depends on the state of the stack prior to the "overflow". You need a slash on the stack prior to the input buffer. So play around a bit, you'll get it working reliably... poc: http://milw0rm.com/sploits/2008-ms08-067.zip # milw0rm.com [2008-10-23] --~--~---------~--~----~------------~-------~--~----~ 要向邮件组发送邮件,请发到 [email protected] 要退订此邮件,请发邮件至 [EMAIL PROTECTED] -~----------~----~----~----~------~----~------~--~---
