The document linked below provides an analysis of several different exploits for the DCOM RPC vulnerability and of the MS.Blaster worm. It also provides an excellent top-down, detailed example of a full system exploit using one of the exploits listed. The author assumes almost no prior knowledge, so even readers with basic knowledge can benefit from it.
Credit:
The original article can be found at: http://www.giac.org/practical/GCIH/Mark_Johnston_GCIH.pdf
Purpose:
"On the 16th July 2003 Microsoft released a security bulletin describing a vulnerability that existed in their DCOM RPC interface. The vulnerability was common to all but one supported Windows platform, regardless of what service pack was installed.
On the same day my friend that worked for ACME Corporation as an ASP developer was dismissed, and rather unfairly I think. He was only using Kazaa to download his latest favorite ripped movies from the Internet and burning them on the company CD writer, that is of course until his boss saw what he was doing.
So now he's jobless and pretty upset with the company, and he has come to me to help him exact revenge on the firm. He wants my help to deface the web page so that it can ease his suffering. I'm up to that, especially knowing that my friend has some good insider information and that there is a great new vulnerability that I might just be able to use.
Before I can move in for the kill I will need to research the exploit and possible code available a little further to understand just what it does and how it works. Using reconnaissance methods I will then gather information about the site from the Internet and my friend's brain. Once I have that information the preparation stage will begin, to accumulate all the necessary tools I will need for the attack. Of course the aim would be to deface the web site, but I'll try getting in with leaving as little evidence as possible for any administrators or incident handling team to find, although my friend tells me there is no incident handling team at the moment. It's going to be interesting to see how they cope with the attack."
The document can be found at: Using the oc192-dcom.c exploit to accomplish revenge