[guidance needed] Am I doing it wrong?

Viewing 4 reply threads
    • #8209
      Makaveli
      Participant

      Hey fellas,

      Can you please explain something to me?

      There is this vulnerability: http://technet.microsoft.com/en-us/security/bulletin/ms12-020

      It explicitly says that it allows for remote code execution. However, when I search in exploit-db for that CVE I get an exploit which does DoS on my lab and crashes the system, and it’s also categorized as DoS in Metasploit. So how is this arbitrary code? All over the net, when looking at notes on this vulnerability, it specifically says the attacker who exploits it can create users, get information, etc.

      Am I missing something?
      I am trying to get a shell... ultimately 🙂

    • #51911
      DragonGorge
      Participant

      IIRC, this is a vulnerability that hasn’t had an exploit (to do what you want) written for it (yet).

      I seem to recall seeing exploits that claimed to allow remote code execution or something similar on Pastebin BUT in reality they were bogus and ended up pwning the downloader’s machine.

    • #51912
      m0wgli
      Participant

      @DragonGorge wrote:

      I seem to recall seeing exploits that claimed to allow remote code execution or something similar on Pastebin BUT in reality they were bogus and ended up pwning the downloader’s machine.

      An example of why you shouldn’t run exploit code blindly: http://www.insinuator.net/tag/ms12-020/
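A defensive habit that follows from m0wgli's point, added here as an example that is not part of the original thread: before running a script that claims to be a proof of concept, parse it statically and list the constructs that would execute code you have not read (dynamic `exec`/`eval`, shell spawning, and base64 blobs that get decoded at runtime). The two sample scripts below are constructed for this example and are not the bogus file discussed in the linked post; decoding a base64 literal is harmless on its own and shows what a hidden payload would have done.

```python
import ast
import base64
import binascii
import re

# Constructed sample: a fake "PoC" that hides an exec() behind a base64 blob.
SUSPICIOUS_SAMPLE = '''
"""MS12-020 remote code execution PoC (constructed sample for this example)"""
import base64, socket, sys

def run(target):
    payload = base64.b64decode("aW1wb3J0IG9zOyBvcy5zeXN0ZW0oImVjaG8gcHduZWQiKQ==")
    exec(payload)
'''

# Constructed sample: a plain port check with nothing hidden in it.
BENIGN_SAMPLE = '''
import socket, sys

def check(host):
    s = socket.create_connection((host, 3389), timeout=3)
    s.close()
    return True
'''

# Calls that mean "run something I did not write" or "decode something unreadable".
DANGEROUS_CALLS = {"exec", "eval", "compile", "__import__"}
DANGEROUS_ATTRS = {
    ("os", "system"), ("os", "popen"), ("subprocess", "call"),
    ("subprocess", "Popen"), ("subprocess", "run"), ("base64", "b64decode"),
    ("marshal", "loads"), ("pickle", "loads"), ("ctypes", "CDLL"),
}
# A long run of base64 alphabet with optional padding; short literals are ignored.
B64_LITERAL = re.compile(r"^[A-Za-z0-9+/]{24,}={0,2}$")


def _call_name(node):
    """Return ('name',) for f() or ('mod', 'attr') for mod.attr(), else None."""
    func = node.func
    if isinstance(func, ast.Name):
        return (func.id,)
    if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
        return (func.value.id, func.attr)
    return None


def triage(source):
    """Return a sorted list of (line, reason) findings for suspicious constructs."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            name = _call_name(node)
            if name is None:
                continue
            if len(name) == 1 and name[0] in DANGEROUS_CALLS:
                findings.append((node.lineno, f"dynamic execution via {name[0]}()"))
            elif len(name) == 2 and name in DANGEROUS_ATTRS:
                findings.append((node.lineno, f"suspicious call {name[0]}.{name[1]}()"))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            if B64_LITERAL.match(node.value):
                try:
                    decoded = base64.b64decode(node.value, validate=True)
                except binascii.Error:
                    continue
                findings.append((node.lineno, f"base64 blob decodes to {decoded[:60]!r}"))
    return sorted(findings)


if __name__ == "__main__":
    for label, src in (("suspicious", SUSPICIOUS_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(f"== {label} ==")
        for line, reason in triage(src):
            print(f"  line {line}: {reason}")
```

The AST walk deliberately does not execute anything: it only reports where a reviewer should look, and the decoded blob is printed so its intent is visible before any decision to run the file.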

    • #51913
      dynamik
      Participant

      The Bulletin states that the maximum impact is RCE. That just means that the conditions are such that someone could theoretically get code to run. RDP is a complex and convoluted protocol, and RCE may only be successful under obscure circumstances.

      Imagine something like a buffer overflow that only overwrites one byte of EIP. Sure, you could potentially leverage that to redirect execution flow, but you’d probably win the lottery sooner. More often than not, something like that will only result in DoS, not RCE.

      I’m not that familiar with the details of 12-020, but there are clearly some serious hurdles to overcome.
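To make dynamik's lottery remark concrete, here is an added risk-model example (not from the thread, and not about any real process layout): it takes a constructed 32-bit memory map and a saved return address, corrupts one byte of that address with every possible value, and counts where the corrupted address lands. The map, the address 0x0804A12C and the region sizes are all hypothetical; the point is the shape of the result, which says nothing about how such a corruption would be triggered.

```python
# Constructed, hypothetical 32-bit memory map: (start, end, executable).
# Real maps come from the crashed process; these ranges are illustrative only.
MEMORY_MAP = [
    (0x08048000, 0x08060000, True),   # program text
    (0x08060000, 0x08063000, False),  # program data/bss
    (0xB7E00000, 0xB7F90000, True),   # shared library text
    (0xBFFE0000, 0xC0000000, False),  # stack
]


def region_of(addr):
    """Return True/False for the executability of a mapped address, None if unmapped."""
    for start, end, executable in MEMORY_MAP:
        if start <= addr < end:
            return executable
    return None


def single_byte_outcomes(saved_eip, byte_index):
    """Classify the 256 addresses reachable by corrupting one byte of saved_eip.

    byte_index 0 is the least significant byte, 3 the most significant.
    """
    counts = {"unmapped": 0, "non_executable": 0, "executable": 0}
    shift = 8 * byte_index
    cleared = saved_eip & ~(0xFF << shift) & 0xFFFFFFFF
    for value in range(256):
        candidate = cleared | (value << shift)
        region = region_of(candidate)
        if region is None:
            counts["unmapped"] += 1
        elif region:
            counts["executable"] += 1
        else:
            counts["non_executable"] += 1
    return counts


def crash_likelihood(saved_eip):
    """Fraction of one-byte corruptions that land outside executable memory, per byte."""
    return {
        idx: 1.0 - single_byte_outcomes(saved_eip, idx)["executable"] / 256
        for idx in range(4)
    }


if __name__ == "__main__":
    # Hypothetical saved return address inside the program text region above.
    for idx, frac in crash_likelihood(0x0804A12C).items():
        print(f"byte {idx}: {frac:.0%} of corruptions leave executable memory")
```

With this map, corrupting the low byte keeps the address inside the same text region (every value is mapped, though almost none of them is a useful instruction), while corrupting the high byte leaves mapped memory in 255 of 256 cases. Either way the overwhelmingly likely outcome is the crash the thread observed, which is the basis for treating the DoS as the practical impact while the bulletin still lists RCE as the maximum.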

    • #51914
      cd1zz
      Participant

      Rumors are there is a real exploit floating around.

      When I looked at this to see if exploitation was possible, I started with a 2 second packet capture of the RDP protocol, saw 10K packets in wireshark and said, well effff this bug. I’m out.
