
List:       vuln-dev
Subject:    Re: ms06-025
From:       H D Moore <sflist () digitaloffense ! net>
Date:       2006-07-18 1:35:42
Message-ID: 200607172035.42351.sflist () digitaloffense ! net

Metasploit contains two modules for this flaw; both of them require valid 
authentication credentials to use. Make sure you set the SMBUSER/SMBPASS 
variables before running the exploits. The RPC message format is defined 
fairly well in both exploits, but since they need to be sent over SMB 
(ports 139/445) and using DCERPC, it is non-trivial to turn into a 
standalone exploit (without doing a poor job of handling errors or 
evasion).

-HD

On Monday 17 July 2006 03:40, mikage_rinoa@yahoo.com wrote:
> I am currently working on a report regarding this vulnerability.
> I have tried to use the PoC given at Metasploit but have
> failed in trying to crash the system. Do you guys have any idea what
> RPC message format is to be sent so that the exploit will work, and do I
> have to send it through any specific port for it to work?