This tool is quite detectable on NT systems. Ran it against one of our
NT farms and here is the info that showed up in the NT system log
Event ID: 10003
User: n/a
Source: DCOM
Type: Error
Access denied attempting to launch a DCOM Server using
DefaultLaunchPermission
The server is:
{0002DF01........}
The user is Unavailable/Unavailable, SID=Unavailable.
FYI......
Preston
On Tue, 2003-07-29 at 11:26, Robert Banniza wrote:
> Just received this from ISS minutes ago...Another RPC vulnerability
> scanning tool:
>
> http://www.iss.net/support/product_utilities/ms03-026rpc.php
>
> Couple things we have noticed....
>
> 1) OS identification is pretty much hit and miss
> 2) We have seen where XP SP1 unpatched doesn't show vulnerable (this
> patch was previously installed and then un-installed.) However, machine
> is confirmed vulnerable.
>
> Anyone else know what the last column of the output means? i.e. '5.6' or
> '0.0'?
>
> Robert
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
