|
|
| escee |
This exploit is pretty nasty, gives the user access to your machine as if they would go to the start menu -> and type command. If anyone wants the source for this biatch then msg me on irc (needs linux to compile it)
Below are links to the Fixes
Windows 2000
Windows XP
Windows 2003
sorry dont have a link for NT Fix but NT is vulnerable, the exploit for NT is called NT Authority exploit, and does virtually the same thing.
If this already happened to your computer Download this and itll scan your computer for the worm that is usually installed.
If for some reason you dont want to/cant/whatever install the patches. To stop your computer entirely restarting when you get the RPC error (gives you a 60 sec counter till your computer restarts mission impossible style) then go into the administrator settings and change the RPC service properties to restart service if it fails, not restart computer.
This has post has been brought to you by escee your friendly computer nerd, the letters R, P and C, and the numbers 6 and 9. |
|
|
| escee |
| quote: | Originally posted by resisted
thankfully un-infested, any ideas how it actually gets onto the users computer in the first place? |
| quote: | Source: http://sysadminnews.com/sysadminnew...RPCExploit.html
Remote Procedure Call (RPC) is a protocol used by the Windows operating system. RPC provides an inter-process communication mechanism that allows a program running on one computer to seamlessly execute code on a remote system. The protocol itself is derived from the Open Software Foundation (OSF) RPC protocol, but with the addition of some Microsoft specific extensions.
There is a vulnerability in the part of RPC that deals with message exchange over TCP/IP. The failure results because of incorrect handling of malformed messages. This particular vulnerability affects a interface with RPC, which listens on RPC enabled ports. This interface handles DCOM object activation requests that are sent by client machines to the server. An attacker who successfully exploited this vulnerability would be able to run code with Local System privileges on an affected system. The attacker would be able to take any action on the system, including installing programs, viewing changing or deleting data, or creating new accounts with full privileges.
To exploit this vulnerability, an attacker would need to send a specially formed request to the remote computer on specific RPC ports. |
These ports are 135, 139, 445 or anyother port RPC is running at. Usually its just those 3 though. The exploit only targets 135 I think. So if your running a firewall (even the windows ICF would do) or router then usually youll be ok.
More detailed info here:
http://www.xfocus.org/documents/200307/2.html |
|
|
| GelatinPufF |
| quote: | Originally posted by discitelli
Taken off www.whirlpool.com.au
Ironically, in four days the worm will start a distributed denial of service attack on Microsoft's WindowsUpdate servers. |
Mwahahahaha :haha:
That's pure genius! i hate the way XP updates :whip: It will serve those servers right!(excuse the pun :stongue: ) :whip: bitches! :whip:
-doesen't patch his operating system-  |
|
|
| djway |
| quote: | Originally posted by escee
This has post has been brought to you by escee your friendly computer nerd, the letters R, P and C, and the numbers 6 and 9. |
Didn't know you were a nerd :) And 69, i thought it would been 135.
Go Linux!
--djway |
|
|
| webmeister |
| quote: |
System Uptime: 30 Days, 0 Hours, 49 Minutes, 34 Seconds
|
:D
I love my router! Gunna patch XP just in case though... |
|
|
CLICK TO RETURN TO TOP OF PAGE
tranceaddict Forums Archive > Local Scene Info / Discussion > Australia
|
