
MS04-011 - Hacktool.THCIISLame (hackers tool)



#1 harrywaldron


Posted 27 April 2004 - 05:45 AM

This is a new program hackers or crackers would use as they explore or compromise security on an individual server or PC.

It is the first formally published security concern I've seen that takes advantage of the recent Microsoft security vulnerabilities patched in April 2004. It is not a virus or worm, but an attack program that could compromise the security on unpatched systems.

This new development illustrates that there might be storm clouds on the horizon, so it's important to get patched up.


MS04-011 - Hacktool.THCIISLame (hackers tool)
http://www.symantec.com/avcenter/venc/data...thciislame.html

Hacktool.THCIISLame is a hack tool that takes advantage of the SSL PCT Windows vulnerability, as described in Microsoft Security Bulletin MS04-011. It provides an attacker a system shell on a specified remote computer.  The vulnerability affects unpatched versions of Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003. It is considered Critical for NT/2000, Important for XP, and Low for 2003.


MS04-011 Vulnerability Information
http://www.microsoft.com/technet/security/...n/MS04-011.mspx

Upon execution, Hacktool.THCIISLame performs the following actions:

1. Sends a specially crafted exploit string to TCP port 443 of the IP address specified on the command line.

2. If the vulnerability is successfully exploited, the shell code executed will reconnect to the IP and port that the attacker specified on the command line.




#2 harrywaldron


Posted 27 April 2004 - 11:51 AM

MS04-011: Hacktool.LsassSba (another hackers tool)
http://www.symantec.com/avcenter/venc/data...l.lsasssba.html

Hacktool.LsassSba is a hacktool that takes advantage of the LSASS Vulnerability (described in Microsoft Security Bulletin MS04-011) to provide an attacker with a command shell on a remote computer.

When Hacktool.LsassSba is executed, it sends a specially crafted exploit string to an IP address specified by the attacker. This string attempts to exploit the LSASS Vulnerability (described in Microsoft Security Bulletin MS04-011), targeting TCP ports 137, 138, 139 and 445.

If successful, the hacktool opens a command shell on the targeted computer and then connects back to a specified IP and port (this is TCP port 1234 by default). Once this process is complete, the attacker will have administrative access to the compromised computer.
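
A defender-side sketch of the pattern both posts above describe (an inbound connection on one of the listed ports, then a connect-back from the targeted machine), added here as an example and not part of the original thread or of Symantec's write-ups. The log format, the 10.0.0.0/8 internal range and the 60-second window are assumptions, and the sample lines are constructed.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Ports named in the posts: 443 (SSL PCT tool), 137/138/139/445 (LSASS tool).
EXPLOIT_PORTS = {443, 137, 138, 139, 445}
DEFAULT_CONNECT_BACK_PORT = 1234         # Hacktool.LsassSba default, per the post
INTERNAL = ip_network("10.0.0.0/8")      # assumption: the protected address range
WINDOW = timedelta(seconds=60)           # assumption: correlation window

# Constructed sample in a hypothetical "time src sport dst dport" format.
SAMPLE_LOG = """\
2004-04-27T12:00:01 198.51.100.7 40112 10.0.0.5 445
2004-04-27T12:00:03 10.0.0.5 1045 198.51.100.7 1234
2004-04-27T12:05:00 203.0.113.9 51000 10.0.0.8 443
2004-04-27T12:05:20 10.0.0.8 1050 192.0.2.44 8080
2004-04-27T12:10:00 203.0.113.20 52000 10.0.0.9 443
2004-04-27T12:30:00 10.0.0.9 1060 192.0.2.80 80
"""

def parse(line):
    ts, src, _sport, dst, dport = line.split()
    return datetime.fromisoformat(ts), ip_address(src), ip_address(dst), int(dport)

def find_connect_backs(log_text):
    """Alert on hosts that dial out soon after an inbound hit on a listed port."""
    last_inbound = {}   # internal host -> (time, external source, port) of latest hit
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport = parse(line)
        if src not in INTERNAL and dst in INTERNAL and dport in EXPLOIT_PORTS:
            last_inbound[dst] = (ts, src, dport)
        elif src in INTERNAL and dst not in INTERNAL and src in last_inbound:
            hit_ts, hit_src, hit_port = last_inbound[src]
            if ts - hit_ts <= WINDOW:
                # Same external peer, or the default port, makes the match stronger.
                strong = dst == hit_src or dport == DEFAULT_CONNECT_BACK_PORT
                alerts.append({"host": str(src), "inbound_port": hit_port,
                               "outbound": f"{dst}:{dport}",
                               "severity": "high" if strong else "medium"})
    return alerts

if __name__ == "__main__":
    for alert in find_connect_backs(SAMPLE_LOG):
        print(alert)
```

Because the connect-back address is whatever the attacker specified, the check does not require the outbound peer to match the inbound source; a match only raises the severity.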

#3 Grinler


    Lawrence Abrams



Posted 27 April 2004 - 11:56 AM

We are definitely going to have a msblaster type worm that uses these exploits.



