Re: ms06-025



Metasploit contains two modules for this flaw; both of them require valid 
authentication credentials to use. Make sure you set the SMBUSER/SMBPASS 
variables before running the exploits. The RPC message format is defined 
fairly well in both exploits, but since they need to be sent over SMB 
(ports 139/445) and using DCERPC, it is non-trivial to turn into a 
standalone exploit (without doing a poor job of handling errors or 
evasion).

-HD

On Monday 17 July 2006 03:40, mikage_rinoa@xxxxxxxxx wrote:
> I am currently working on a report regarding this vulnerability
> although I have tried to use the PoC given at Metasploit but have
> failed in trying to crash the system. Do you guys have any idea what
> RPC message format is to be sent so that the exploit will work and do I
> have to send it through any specific port for it to work?