There are questions about whether this vulnerability works if you have a large enough amount of free memory. My exploit is tuned for my machine's amount of free memory (not much), but there are variations that work on any amount.

For those who are interested, here is my domsrpcfuzz.sh header I used to find this attack.

    MAX=35
    UUID=b9e79e60-3d52-11ce-aaa1-00006901293f
    #using incorrect versionmajor for bonus fun!
    VERSIONMAJOR=2
    VERSIONMINOR=2
    PORT=135
    TARGET=192.168.1.100
    STARTFUNCTION=0

Just copy that in, and let it run for a while. When it crashes, look at your output file and it will have the random seed that crashed it. Then you can do some more work to manually isolate the exact packet or sequence that crashes it.

On Tue, 2002-10-22 at 14:25, lion wrote:
> *
> * MS WIN RPC DoS CODE FROM SPIKE v2.7
> *

-- Dave Aitel <dave@immunitysec.com> Immunity, Inc