Msblast Exploit

21 years 1 month ago #1156 by Wild_khan
Msblast Exploit was created by Wild_khan
Hello everybody,
I have a private network of 5 computers, all running Windows 2000 SP3. I recently downloaded a tool from www.eeye.com and scanned my network to see if it was vulnerable to an RPC attack. I found out that it was. I then downloaded the exploit from www.securityfocus.com and tried running it against the networked PCs, but somehow the exploit doesn't seem to be working, neither remotely nor locally. This was good news... but I see that port 135 is open on all my networked PCs, yet they still don't seem to be vulnerable to the exploit... I just want to know if I am doing something wrong here...
And besides this, I would like to ask Chris if he could start writing on stuff like network programming; it would be great to see topics like network programming in here.
Last but definitely not the least... I believe the only guys doing justice to networking are you people... long live firewall.cx!!!

b4 i sign gimme a pencil...and a sharpner...and a rubber...ohh sorry i dont use a pencil...i use a pen...
21 years 1 month ago #1157 by sahirh
Replied by sahirh on topic Re: Msblast Exploit
If you could tell us what RPC exploit it was vulnerable to we might be able to help you. Usually the vulnerability code will be something like MS03-39 or something similar, which basically means Microsoft 2003 - Vulnerability number 39.

I'm assuming you used Retina to scan your network. Trust me, if Retina says that you're vulnerable to something, you are. Was the exploit you got off securityfocus a precompiled exploit (highly unlikely) or was it exploit code (more likely) that you had to code yourself? If you compiled the code yourself there may have been some errors there that you needed to fix.

Usually exploits don't work 'out of the box' so to speak.. a lot of people who release proof-of-concept exploits don't want everyone to just be able to download the code, compile it and attack everyone else... so they deliberately insert bugs into the code that any half-decent programmer should be able to figure out.

If the code is Perl / C then I wouldn't mind having a look at it.
Just for your information, there is a tool called Core Impact, which is a vulnerability scanner that actually exploits the remote machine if you ask it to. It's expensive though, and you might have a hard time justifying to your company why you'd need a tool to break the network that they pay you to keep running ;)

-- and so the struggle continues between the suits and the admins 8)

I'll move this topic to the Security and Firewalls forum tomorrow as I think the matter is more relevant for that forum.


Cheers,

Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
21 years 1 month ago #1191 by Wild_khan
Replied by Wild_khan on topic Re: Msblast Exploit
Yes exactly, the Microsoft advisory number was MS03-039...

Well, the code that I downloaded from SecurityFocus was precompiled... The URL to the exploit is www.securityfocus.com/data/vulnerabilities/exploits/kaht2.zip. This exploit automatically scans for vulnerable PCs through a range of IP addresses, and if it finds any vulnerable computer it sends the exploit to it... In my network, it does find vulnerable PCs, i.e. with port 135 open... but it fails to send the exploit...

My local network is not attached to the outside world. I use a dial-up connection to connect to the internet, from a PC which has nothing to do with the network... so the only threat I'm facing is from inside...

There was a Sahir something that I once knew, when I was in the third grade... I bet you're not him... he never was so brilliant... Anyway, where are you from... just to make sure... :D

b4 i sign gimme a pencil...and a sharpner...and a rubber...ohh sorry i dont use a pencil...i use a pen...
21 years 1 month ago #1192 by sahirh
Replied by sahirh on topic Re: Msblast Exploit
Hey,
I downloaded the exploit and tested against an unpatched WinXP box that I just put up, and the exploit failed... so perhaps there's something wrong with the exploit itself. That's weird though, usually securityfocus is pretty good about these things... anyway I'll try it on a couple more machines later.

Where am I from? I'm from Bombay, India. :)


Cheers,

Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
21 years 1 month ago #1196 by Manip
21 years 1 month ago #1226 by Wild_khan
Replied by Wild_khan on topic thanx
Thanks Manip and Sahir, I really appreciate your help... I couldn't have won that Nobel prize without you...

Well... what do you know, Sahir... the Sahir that I knew was also from India... but he was from Kerala...

b4 i sign gimme a pencil...and a sharpner...and a rubber...ohh sorry i dont use a pencil...i use a pen...