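Hacker Defense Line (黑客防线): seeking breakthroughs in the unity of opposites between attack and defense. A specialist hacking-technology periodical founded in 2001.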


MS Windows Server Service Code Execution PoC (MS08-067)

Hacker | Published: 2008-10-25 0:03:46 | Viewed 619 times
In a Visual Studio command prompt:

mk.bat

Next:

Attach a debugger to services.exe (2k) or the relevant svchost (xp/2k3/...)

net use \\IPADDRESS\IPC$ /user:user creds
die \\IPADDRESS \pipe\srvsvc

In some cases, /user:"" "" will suffice (i.e., an anonymous connection).

You should get EIP -> 00 78 00 78, a stack overflow (like a guard page
violation), access violation, etc. However, in some cases, you will get
nothing.

This is because it depends on the state of the stack prior to the "overflow".
You need a slash on the stack prior to the input buffer.

So play around a bit, you'll get it working reliably...
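
The dependence on a slash before the input buffer is consistent with a path canonicalizer that, on a ".." component, scans backward for the previous separator without stopping at the start of the buffer. The following C code is an added example, not code from the original page or from Microsoft; `canon_dotdot` and the sample buffers are hypothetical, and it shows the bounded form of that scan, which rejects the path instead of walking below the buffer.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not Microsoft's code: collapse "\.." components of a
 * backslash-separated path in place. Returns 0 on success, -1 when a ".."
 * has no earlier component inside the buffer to remove. */
int canon_dotdot(char *path)
{
    char *start = path;            /* hard lower bound for backward scans */
    char *out = path;              /* write cursor */
    const char *in = path;         /* read cursor */
    int rooted = (path[0] == '\\');

    while (*in) {
        if (in[0] == '\\' && in[1] == '.' && in[2] == '.' &&
            (in[3] == '\\' || in[3] == '\0')) {
            if (out == start)
                return -1;         /* nothing left to remove */
            /* Walk back to the previous separator, never below start. */
            do {
                out--;
            } while (out > start && *out != '\\');
            if (*out != '\\')
                return -1;         /* reached the bound without a separator */
            in += 3;               /* skip "\.." */
            continue;
        }
        *out++ = *in++;
    }
    if (out == start && rooted)
        *out++ = '\\';             /* everything collapsed to the root */
    *out = '\0';
    return 0;
}

int main(void)
{
    /* Constructed layout: a stray '\' sits in memory just before the path. */
    char mem[] = "\\_a\\..\\b";
    char ok[] = "\\a\\b\\..\\c";
    printf("%d\n", canon_dotdot(mem + 2));   /* path is "a\..\b" */
    printf("%d %s\n", canon_dotdot(ok), ok);
    return 0;
}
```

With the lower bound in place, the result no longer depends on what happens to lie in memory before the path: the stray separator in `mem` is never reached and the input is rejected.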

PoC:
http://milw0rm.com/sploits/2008-ms08-067.zip

# milw0rm.com [2008-10-23]

Category: Hacker vulnerability analysis