Re: DCOM RPC exploit (dcom.c)

[<sk () scan-associates net>]

In-Reply-To: <20030727025321.64988.qmail () web11001 mail yahoo com>

> One glitch is that the exploitation is not very
> stealth. All RPC/COM based functions stop working
> completely after exploitation and fail to heal until
> the machine is restarted. Many of these functions are
> quite visible and easily noticeable(drag&drop,
> clipboard, property sheets, etc., for example). This
> happens without exception.

If the shellcode exit via ExitThread(), RPCSS will not die, everything 
rock as usual, and you can run the exploit over and over again.

sk