HD Moore released one today that returns a Local System shell on port 4444. I've run it in the lab and, as expected of all HD code, works consistantly.
g On Fri, 25 Jul 2003 15:56:57 -0400 "Ingevaldson, Dan (ISS Atlanta)" <[EMAIL PROTECTED]> wrote: > George- > > Which exploit are you referring to? There are several floating around. > Many of them are misrepresented as MS03-026 exploits. There was another > vulnerability disclosed that only causes a DoS condition--no remote > compromise. > > Regards, > =============================== > Daniel Ingevaldson > Engineering Manager, X-Force R&D > [EMAIL PROTECTED] > 404-236-3160 > > Internet Security Systems, Inc. > The Power to Protect > http://www.iss.net > =============================== > > > -----Original Message----- > From: George Bakos [mailto:[EMAIL PROTECTED] > Sent: Friday, July 25, 2003 3:47 PM > Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: Windows DCOM exploit (was Re: What you don't want to hear from > a peer) > > > > On Fri, 25 Jul 2003 14:29:13 -0500 > John Kristoff <[EMAIL PROTECTED]> wrote: > > > Maybe it'll help start the weekend with a smile. > > Smile for now; it probably won't last. The Windows DCOM exploit that was > released today, works perfectly. BTW, how many residential networks > (worm > fodder) really need port 135/tcp open, anyway? > > And I thought I would have time to split some cordwood today. Rats. > George Bakos Institute for Security Technology Studies - IRIA Dartmouth College [EMAIL PROTECTED] 603.646.0665 -voice 603.646.0666 -fax