Full Disclosure mailing list archives

RE: Scanning the PCs for RPC Vulnerability

From: "Jerry Heidtke" <jheidtke () fmlh edu>
Date: Wed, 3 Sep 2003 11:49:21 -0500


It looks like it worked correctly. The return codes you listed is what
it will show for a Windows 9x system with DCOM installed. Notice that it
didn't say it was vulnerable.
 
It scanned every address you gave it (10.10.60.1-10.10.60.30), and
apparently returned correct results for all of them. Notice the results
listed for both 10.10.60.1 and 10.10.60.30, the first and last systems
scanned.
 
The tool scans addresses sequentially. Results will be listed out of
scan order, in the order the scanned systems respond.

        -----Original Message-----
        From: Nadeem Rafi
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Nadeem Rafi
        Sent: Wednesday, September 03, 2003 11:21 AM
        To: full-disclosure () lists netsys com
        Subject: Scanning the PCs for RPC Vulnerability
        
        

        Thanks for help.

        I have used the scanms.exe, the latest one and on the first run
it scanned a few and then exit with the code

        10.10.60.16         REMACT err=0x80004005
iid={00020906-0000-0000-c000-000000000046}
        10.10.60.16             [????]  [....]  5.4

         

        The complete result was 

        scanms 10.10.60.1-10.10.60.30

        10.10.60.21             [....]  [ptch]  0.0
        10.10.60.18             [....]  [ptch]  0.0
        10.10.60.29             [....]  [VULN]  0.0
        10.10.60.19             [....]  [ptch]  0.0
        10.10.60.30             [....]  [ptch]  0.0
        10.10.60.26             [....]  [ptch]  0.0
        10.10.60.11             [....]  [ptch]  0.0
        10.10.60.15             [....]  [ptch]  0.0
        10.10.60.13             [....]  [ptch]  0.0
        10.10.60.1              [....]  [VULN]  0.0
        10.10.60.10             [....]  [ptch]  0.0
        10.10.60.12             [....]  [VULN]  0.0
        10.10.60.16         REMACT err=0x80004005
iid={00020906-0000-0000-c000-000000000046}
        10.10.60.16             [????]  [....]  5.4

         

        By the way 10.10.60.16 is a computer with Windows 98/Second
Edition. A normal pc with out any extra ordinary software.

        Does the same is happening with some one else. I will be seeking
more information from others.

         

        Best Regards,

         

        Nadeem Rafi


Confidentiality Notice: This e-mail message, including any attachments,
is for the sole use of the intended recipient(s) and may contain
confidential and privileged information.  Any unauthorized review, use,
disclosure or distribution is prohibited.  If you are not the intended
recipient, please contact the sender by reply e-mail and destroy all
copies of the original message.

Current thread:

Scanning the PCs for RPC Vulnerability Nadeem Rafi (Sep 03)
- RE: Scanning the PCs for RPC Vulnerability Marc Maiffret (Sep 03)
- <Possible follow-ups>
- RE: Scanning the PCs for RPC Vulnerability Jerry Heidtke (Sep 03)
- RE: Scanning the PCs for RPC Vulnerability Schmehl, Paul L (Sep 03)
- Re: Scanning the PCs for RPC Vulnerability Ty Bodell (Sep 03)
- Scanning the PCs for RPC Vulnerability Nadeem Rafi (Sep 03)
- RE: Scanning the PCs for RPC Vulnerability Jerry Heidtke (Sep 03)
- Re: Scanning the PCs for RPC Vulnerability rjemckay (Sep 03)
- RE: Scanning the PCs for RPC Vulnerability B3r3n (Sep 03)