The Ethical Hacker Network - [guidance needed] Am I doing it wrong?

Latest Additions

Who's Online

Makaveli

Newbie

Offline

Posts: 3

[guidance needed] Am I doing it wrong?

« on: February 12, 2013, 01:26:06 PM »

Hey fellas,

Can you please explain smth to me?

There is this vulnerability:

Code:

Code:

http://technet.microsoft.com/en-us/security/bulletin/ms12-020

It explicitly says that it allows for remote code execution. However when I search in exploit-db for that CVE I get an exploit which does DoS on my lab and crashes the system, and it's also categorized as DOS in metasploit. So how is this arbitrary code? All over the net when looking at notes of this vulnerability, it specifically says the attacker who exploits it can create users, get information etc.

Am I missing something?
I am trying to get shell..ultimately


	Logged

DragonGorge

Jr. Member

Offline

Posts: 83

Re: [guidance needed] Am I doing it wrong?

« Reply #1 on: February 12, 2013, 01:50:55 PM »

IIRC, this is a vulnerability that hasn't had an exploit (to do what you want) written for it (yet).

I seem to recall seeing exploits that claimed to allow remote code execution or something similar on Pastebin BUT in reality they were bogus and ended up pwning the downloader's machine.


	Logged

m0wgli

Full Member

Offline

Posts: 248

Re: [guidance needed] Am I doing it wrong?

« Reply #2 on: February 12, 2013, 02:01:19 PM »

Quote from: DragonGorge on February 12, 2013, 01:50:55 PM

I seem to recall seeing exploits that claimed to allow remote code execution or something similar on Pastebin BUT in reality they were bogus and ended up pwning the downloader's machine.

An example of why you shouldn't run exploit code blindly: http://www.insinuator.net/tag/ms12-020/


	Logged

Security + | OSWP | eCPPT | CSTA

ajohnson

Recruiters
Hero Member

Offline

Posts: 1057

aka dynamik

Re: [guidance needed] Am I doing it wrong?

« Reply #3 on: February 12, 2013, 03:54:19 PM »

The Bulletin states that the maximum impact is RCE. That just means that the conditions are such that someone could theoretically get code to run. RDP is a complex and convoluted protocol, and RCE may only be successful under obscure circumstances.

Imagine something like a buffer overflow that only overwrites one byte of EIP. Sure, you could potentially leverage that to redirect execution flow, but you'd probably win the lottery sooner. More often than not, something like that will only result in DoS, not RCE.

I'm not that familiar with the details of 12-020, but there are clearly some serious hurdles to overcome.


	Logged

WIP: GCFA | www.infosiege.net | @infosiege

The day you stop learning is the day you start becoming obsolete.

cd1zz

Hero Member

Offline

Posts: 561

Re: [guidance needed] Am I doing it wrong?

« Reply #4 on: February 12, 2013, 08:28:19 PM »

Rumors are there is a real exploit floating around.

When I looked at this to see if exploitation was possible, I started with a 2 second packet capture of the RDP protocol, saw 10K packets in wireshark and said, well effff this bug. I'm out.