15 matches found
Windows Net-NTLMv2 Reflection DCOM/RPC (Juicy)
This module utilizes the Net-NTLMv2 reflection between DCOM/RPC to achieve a SYSTEM handle for elevation of privilege. It requires a CLSID string. Windows 10 after version 1803, April 2018 update, build 17134 and all versions of Windows Server 2019 are not vulnerable. This module requires...
Windows Net-NTLMv2 Reflection DCOM/RPC
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/post/windows/reflectivedllinjection' class MetasploitModule 'Windows Net-NTLMv2 Reflection DCOM/RPC', 'Description' = %q Module utilizes the Net-NTLMv2...
Windows Net-NTLMv2 Reflection DCOM/RPC
Module utilizes the Net-NTLMv2 reflection between DCOM/RPC to achieve a SYSTEM handle for elevation of privilege. Currently the module does not spawn as SYSTEM, however once achieving a shell, one can easily use incognito to impersonate the token. This module requires Metasploit:...
MS16-075 Windows SMB Server Elevation of Privilege Vulnerability (CVE-2016-3225)
Overview As we mentioned a number of times throughout our talk, this work is derived directly from James Forshaw’s BlackHat talk and Google Project Zero research. I highly recommend reviewing both of these resources to anyone interested in pursuing this topic. The idea behind this vulnerability i...
Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8205/info A buffer overrun vulnerability has been reported in Microsoft Windows that can be exploited remotely via a DCOM RPC interface that listens on TCP/UDP port 135. The issue is due to insufficient bounds checking of...
CVE-2004-0124
The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."...
CVE-2004-0124
The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."...
[Full-Disclosure] EEYE: Microsoft DCOM RPC Race Condition
Microsoft DCOM RPC Race Condition Release Date: April 13, 2004 Date Reported: September 10, 2003 Severity: High Remote Code Execution Vendor: Microsoft Systems Affected: Microsoft Windows NT Workstation 4.0 Microsoft Windows NT Server 4.0 Microsoft Windows NT Server 4.0, Terminal Server Edition...
Microsoft Windows DCOM/RPC vulnerability
Overview A vulnerability exists in Microsoft Windows DCOM/RPC that can be exploited to cause a denial of service. It may be possible for an attacker to execute arbitrary code on a vulnerable system. Description Microsoft Windows Remote Procedure Call RPC "... is a powerful, robust, efficient, and...
Microsoft Windows - DCOM RPC Interface Buffer Overrun
Microsoft Windows - DCOM RPC Interface Buffer Overrun source: https://www.securityfocus.com/bid/8205/info A buffer overrun vulnerability has been reported in Microsoft Windows that can be exploited remotely via a DCOM RPC interface that listens on TCP/UDP port 135. The issue is due to insufficien...
Microsoft Windows - DCOM RPC Interface Buffer Overrun
source: https://www.securityfocus.com/bid/8205/info A buffer overrun vulnerability has been reported in Microsoft Windows that can be exploited remotely via a DCOM RPC interface that listens on TCP/UDP port 135. The issue is due to insufficient bounds checking of client DCOM object activation...
Microsoft Windows XP2000 - RPC DCOM Remote (MS03-026)
Microsoft Windows XP2000 - RPC DCOM Remote MS03-026 / DCOM RPC Overflow Discovered by LSD - Exploit Based on Xfocus's Code Written by H D Moore - Usage: ./dcom - Targets: - 0 Windows 2000 SP0 english - 1 Windows 2000 SP1 english - 2 Windows 2000 SP2 english - 3 Windows 2000 SP3 english - 4 Window...
MS Windows (RPC DCOM) Remote Exploit (w2k+XP Targets)
Exploit for unknown platform in category remote exploits MS Windows RPC DCOM Remote Exploit w2k+XP Targets / DCOM RPC Overflow Discovered by LSD - Exploit Based on Xfocus's Code Written by ...
Microsoft Windows XP/2000 - 'RPC DCOM' Remote (MS03-026)
/ DCOM RPC Overflow Discovered by LSD - Exploit Based on Xfocus's Code Written by H D Moore - Usage: ./dcom - Targets: - 0 Windows 2000 SP0 english - 1 Windows 2000 SP1 english - 2 Windows 2000 SP2 english - 3 Windows 2000 SP3 english - 4 Windows 2000 SP4 english - 5 Windows XP SP0 english - 6...
Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability
Description A buffer overrun vulnerability has been reported in Microsoft Windows that can be exploited remotely via a DCOM RPC interface that listens on TCP/UDP port 135. The issue is due to insufficient bounds checking of client DCOM object activation requests. Exploitation of this issue could...