ms06040 NetpwNameCompare exploit

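I posted three updates in one go, all of them found on zwell's blog.
This one is the ms06040 exploit written by zwell. ms06040 really has been popular lately; I have already put up three versions of it here.

Source: zwell's blog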

I coded it just for fun, and another reason is that the exploits released recently are all about CanonicalizePathName, but not NetpwNameCompare (even though some titles are about NetpwNameCompare).

The struct of the function is:

DWORD (__stdcall *NetpwNameCompare)(wchar_t *, wchar_t *, wchar_t *, DWORD type, DWORD flags);

The important thing to touch it off is: you must set the type to 1, and the last bit of flags must be 1.

Please pay attention to rebooting after you leave out the shell (I'm so lazy)………^_^

Usage: ms06040_NetpwNameCompare.exe <target ip>

=================================================
MS06040 NetpwNameCompare exploit
Coded By ZwelL
Date : 2006.08.30
Email : [email protected]
Web : http://www.nosec.org
=================================================
Wait for about 2 second and then telnet 5555 port, good luck ^_^ …

And then you can telnet target on 5555 port:

telnet *.*.*.* 5555

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\WINNT\system32>

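A defender-side sketch of the behaviour the post describes (a shell reachable on TCP 5555 about two seconds after the tool runs), added here and not part of zwell's post or tool: it correlates flow records for an accepted SMB connection followed shortly by a connection attempt to port 5555 between the same two hosts. The log format, the 30-second window and SMB ports 139/445 as the delivery path are assumptions, and the sample records are constructed.

```python
from datetime import datetime, timedelta

SMB_PORTS = {139, 445}          # assumption: the Server service is reached over SMB
SHELL_PORT = 5555               # port named in the tool's banner
WINDOW = timedelta(seconds=30)  # assumed slack around the banner's "about 2 second"

# Constructed flow records: timestamp, source, destination, destination port, action
SAMPLE_LOG = """\
2006-08-30T10:00:01 10.0.0.7 10.0.0.20 445 ACCEPT
2006-08-30T10:00:04 10.0.0.7 10.0.0.20 5555 ACCEPT
2006-08-30T10:05:00 10.0.0.9 10.0.0.21 445 ACCEPT
2006-08-30T10:09:00 10.0.0.9 10.0.0.21 5555 ACCEPT
2006-08-30T10:10:00 10.0.0.8 10.0.0.22 5555 ACCEPT
2006-08-30T10:11:00 10.0.0.5 10.0.0.23 139 ACCEPT
2006-08-30T10:11:02 10.0.0.5 10.0.0.23 5555 DROP
"""

def parse(line):
    """Split one record into typed fields."""
    ts, src, dst, port, action = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port), action

def find_smb_then_shell(log_text, window=WINDOW):
    """Alert when src->dst SMB is followed within `window` by src->dst on SHELL_PORT.

    A dropped attempt on SHELL_PORT is still reported: the SMB leg was accepted,
    so the host may have been hit even though the shell was not reachable.
    """
    last_smb = {}  # (src, dst) -> time of the most recent accepted SMB connection
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, action = parse(line)
        if port in SMB_PORTS and action == "ACCEPT":
            last_smb[(src, dst)] = ts
        elif port == SHELL_PORT:
            smb_ts = last_smb.get((src, dst))
            if smb_ts is not None and timedelta(0) <= ts - smb_ts <= window:
                alerts.append({"src": src, "dst": dst, "shell_action": action,
                               "gap_s": (ts - smb_ts).total_seconds()})
    return alerts

if __name__ == "__main__":
    for a in find_smb_then_shell(SAMPLE_LOG):
        print(f"{a['src']} -> {a['dst']}: SMB then tcp/{SHELL_PORT} "
              f"after {a['gap_s']:.0f}s ({a['shell_action']})")
```

Records must be in time order; an ACCEPT on port 5555 means the host should be treated as compromised, a DROP means it should still be checked for the MS06-040 patch.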
