
Thread: Exploiting Win 2k sp2 (RPC DCOM Interface Overflow)

  1. #1
    Member Dissident85's Avatar
    Join Date
    Jun 2008
    Posts
    127

    Default Exploiting Win 2k sp2 (RPC DCOM Interface Overflow)

    Hi, I am trying to exploit a Windows 2000 computer but am having no luck. It should be vulnerable to quite a few exploits. I found an old Windows 2k SP2 CD in my office and loaded it up in VMware, then tried to exploit it using Metasploit, using the “Microsoft RPC DCOM Interface Overflow” and several different payloads. But I keep getting the same error message.
    Code:
    [*] Started reverse handler 
    [-] Exploit failed: The connection was refused by the remote host (10.0.0.200:135). 
    msf exploit(ms03_026_dcom) >
    Any ideas on what I could be doing wrong?

  2. #2
    Junior Member Schtekarn's Avatar
    Join Date
    Feb 2008
    Posts
    29

    Default

    Hmm, the target is refusing the connection. Have you checked if the port you're trying to connect to is closed? Is there a firewall on the w2k machine?

  3. #3
    Member Dissident85's Avatar
    Join Date
    Jun 2008
    Posts
    127

    Default

    Quote Originally Posted by Schtekarn View Post
    Hmm, the target is refusing the connection. Have you checked if the port you're trying to connect to is closed? Is there a firewall on the w2k machine?
    That was the first thing I did. But it is open.

    Code:
    Interesting ports on 10.0.0.200:
    Not shown: 65524 closed ports
    PORT     STATE SERVICE      VERSION
    25/tcp   open  smtp         Microsoft ESMTP 5.0.2195.2966
    80/tcp   open  http         Microsoft IIS webserver 5.0
    135/tcp  open  mstask       Microsoft mstask (task server - c:\winnt\system32\Mstask.exe)
    139/tcp  open  netbios-ssn
    443/tcp  open  https?
    445/tcp  open  microsoft-ds Microsoft Windows 2000 microsoft-ds
    1025/tcp open  msrpc        Microsoft Windows RPC
    1026/tcp open  mstask       Microsoft mstask (task server - c:\winnt\system32\Mstask.exe)
    1027/tcp open  mstask       Microsoft mstask (task server - c:\winnt\system32\Mstask.exe)
    3372/tcp open  msdtc        Microsoft Distributed Transaction Coordinator (error)
    4191/tcp open  http         Microsoft IIS webserver 5.0
    MAC Address: 00:0C:29:E8:DF:4F (VMware)
    Device type: general purpose
    Running: Microsoft Windows 2000
    OS details: Microsoft Windows 2000 SP0/SP2/SP4 or Windows XP SP0/SP1
    Network Distance: 1 hop
    Service Info: Host: win2000; OS: Windows


    EDIT:
    OK, so I don't know why... but I did the same thing in Windows using the GUI and it worked? :S

  4. #4
    Good friend of the forums
    Join Date
    Jun 2008
    Posts
    425

    Default

    Hey
    Does that code say it works on 2k3?
    If it does, do you know how to get it to work?
    Thanks

  5. #5
    Member
    Join Date
    Feb 2010
    Location
    Root
    Posts
    121

    Default

    Quote Originally Posted by compaq View Post
    Hey
    Does that code say it works on 2k3?
    If it does, do you know how to get it to work?
    Thanks
    I believed I used that sploit on an UNPATCHED 2k3 machine with reverse shell and got root with no problems. Experimented with fast track, and on the same machine ended up with about 3 shells. I just don't remember which ones they were.

  6. #6
    Member
    Join Date
    Sep 2008
    Posts
    306

    Default

    Quote Originally Posted by kicksfanscom View Post
    Beautiful site
    That's true, but your post is not! Please make reasonable posts and stop spamming useless posts to enlarge your post-counter.
    Be sensitive in choosing where you ask your question. You are likely to be ignored, or written off as a loser, if you:

    * post your question to a forum where it's off topic
    * post a very elementary question to a forum where advanced technical questions are expected, or vice-versa
    * cross-post to too many different newsgroups
    * post a personal e-mail to somebody who is neither an acquaintance of yours nor personally responsible for solving your problem

  7. #7
    Member
    Join Date
    Feb 2010
    Location
    Root
    Posts
    121

    Default

    There is also a new version of Metasploit being released soon as well. Supposed to be pretty good, read the article over at Astalavista.

  8. #8
    Member hawaii67's Avatar
    Join Date
    Feb 2006
    Posts
    318

    Default

    Quote Originally Posted by terminal86 View Post
    That's true, but your post is not! Please make reasonable posts and stop spamming useless posts to enlarge your post-counter.
    Lol terminal86, check this out:
    http://forums.remote-exploit.org/sho...51&postcount=2

    Peace
    Don't eat yellow snow :rolleyes:

  9. #9
    Member
    Join Date
    Sep 2008
    Posts
    306

    Default

    Quote Originally Posted by hawaii67 View Post
    Lol terminal86, check this out:
    http://forums.remote-exploit.org/sho...51&postcount=2

    Peace
    That was so kinda sarcastic that I felt I had to post that

  10. #10
    Member hawaii67's Avatar
    Join Date
    Feb 2006
    Posts
    318

    Default

    Quote Originally Posted by terminal86 View Post
    That was so kinda sarcastic that I felt I had to post that

    NP, let's have a beer together at least virtually.....