Bugtraq mailing list archives
Re: DCOM RPC exploit (dcom.c)
From: <sk () scan-associates net>
Date: 29 Jul 2003 03:50:49 -0000
In-Reply-To: <20030727025321.64988.qmail () web11001 mail yahoo com>
One glitch is that the exploitation is not very stealthy. All RPC/COM-based functions stop working completely after exploitation and fail to heal until the machine is restarted. Many of these functions are quite visible and easily noticeable (drag & drop, clipboard, property sheets, etc., for example). This happens without exception.
If the shellcode exits via ExitThread(), RPCSS will not die, everything rocks as usual, and you can run the exploit over and over again.
sk