Cisco Support Community
New Member

RPCSS Getting Real

Okay, there's two exploits out there: the source code for one I have, the other (the one that creates the shell) I don't. Not sure which one will become the worm.

Since 3329 is under an NDA, could someone from Cisco let us know what the context buffer may look like, or what an IPLog sniff would look like?

1 REPLY
New Member

Re: RPCSS Getting Real

I'll follow up.

The exploit code available right now (not the DoS code), obtained from k-otik.com, compiles fine under Cygwin, or when I ported it to run under Red Hat.

I ran the executable (which, btw, the Windows executable is caught by McAfee AV) against a vulnerable machine (SP3 and MS03-026 hotfix only); the code did not exploit that machine (different issue).

Problem here is that the exploit code went past a sensor, which did not respond with the 3329 RPCSS signature.

If wanted, I can send sniffs of this traffic.
