BugTraq
Re: DCOM RPC exploit (dcom.c)
Jul 29 2003 03:50AM
sk scan-associates net
In-Reply-To: <20030727025321.64988.qmail (at) web11001.mail.yahoo (dot) com [email concealed]>
>One glitch is that the exploitation is not very
>stealthy. All RPC/COM based functions stop working
>completely after exploitation and fail to heal until
>the machine is restarted. Many of these functions are
>quite visible and easily noticeable (drag&drop,
>clipboard, property sheets, etc., for example). This
>happens without exception.
If the shellcode exits via ExitThread(), RPCSS will not die, everything
rocks as usual, and you can run the exploit over and over again.
sk