• MS04-031 Microsoft NetDDE Service Overflow
    Disclosure Date: 2004-10-12
    First seen: 2020-04-26
    exploit/windows/smb/ms04_031_netdde
    This module exploits a stack buffer overflow in the NetDDE service, which is the precursor to the DCOM interface. This exploit affects only operating systems released prior to Windows XP SP1 (2000 SP4, XP SP0). Despite Microsoft's claim that this vulnerability can be exploited without authentication, the NDDEAPI pipe is only accessible after successful authentication.
    Authors: - pusscat <pusscat@metasploit.com>
  • MS04-011 Microsoft LSASS Service DsRolerUpgradeDownlevelServer Overflow
    Disclosure Date: 2004-04-13
    First seen: 2020-04-26
    exploit/windows/smb/ms04_011_lsass
    This module exploits a stack buffer overflow in the LSASS service; this vulnerability was originally found by eEye. When re-exploiting a Windows XP system, you will need to run this module twice. DCERPC request fragmentation can be performed by setting the 'FragSize' parameter.
    Authors: - hdm <x@hdm.io>
  • MS04-011 Microsoft Private Communications Transport Overflow
    Disclosure Date: 2004-04-13
    First seen: 2020-04-26
    exploit/windows/ssl/ms04_011_pct
    This module exploits a buffer overflow in the Microsoft Windows SSL PCT protocol stack. This code is based on Johnny Cyberpunk's THC release and has been tested against Windows 2000 and Windows XP. To use this module, specify the remote port of any SSL service, or the port and protocol of an application that uses SSL. The only application protocol supported at this time is SMTP. You only have one chance to select the correct target; if you are attacking IIS, you may want to try one of the other exploits first (WebDAV). If WebDAV does not work, this more than likely means that this is either Windows 2000 SP4+ or Windows XP (IIS 5.0 vs IIS 5.1). Using the wrong target may not result in an immediate crash of the remote system.
    Authors: - hdm <x@hdm.io>
  • MS04-007 Microsoft ASN.1 Library Bitstring Heap Overflow
    Disclosure Date: 2004-02-10
    First seen: 2020-04-26
    exploit/windows/smb/ms04_007_killbill
    This is an exploit for a previously undisclosed vulnerability in the bit string decoding code in the Microsoft ASN.1 library. This vulnerability is not related to the bit string vulnerability described in eEye advisory AD20040210-2. Both vulnerabilities were fixed in the MS04-007 patch. Windows 2000 SP4 Rollup 1 also patches this vulnerability. You are only allowed one attempt with this vulnerability. If the payload fails to execute, the LSASS system service will crash and the target system will automatically reboot itself in 60 seconds. If the payload succeeds, the system will no longer be able to process authentication requests, denying all attempts to log in through SMB or at the console. A reboot is required to restore proper functioning of an exploited system. This exploit has been successfully tested with the win32/*/reverse_tcp payloads; however, a few problems were encountered when using the equivalent bind payloads. Your mileage may vary.
    Authors: - Solar Eclipse <solareclipse@phreedom.org>
  • MS03-026 Microsoft RPC DCOM Interface Overflow
    Disclosure Date: 2003-07-16
    First seen: 2020-04-26
    exploit/windows/dcerpc/ms03_026_dcom
    This module exploits a stack buffer overflow in the RPCSS service; this vulnerability was originally found by the Last Stage of Delirium research group and has been widely exploited ever since. This module can exploit the English versions of Windows NT 4.0 SP3-6a, Windows 2000, Windows XP, and Windows 2003 all in one request :)
    Authors: - hdm <x@hdm.io> - spoonm <spoonm@no$email.com> - cazz <bmc@shmoo.com>
  • MS02-018 Microsoft IIS 4.0 .HTR Path Overflow
    Disclosure Date: 2002-04-10
    First seen: 2020-04-26
    exploit/windows/iis/ms02_018_htr
    This exploits a buffer overflow in the ISAPI ISM.DLL used to process HTR scripting in IIS 4.0. This module works against Windows NT 4 Service Packs 3, 4, and 5. The server will continue to process requests until the payload being executed has exited. If you've set EXITFUNC to 'seh', the server will continue processing requests, but you will have trouble terminating a bind shell. If you set EXITFUNC to thread, the server will crash upon exit of the bind shell. The payload is alpha-numerically encoded without a NOP sled because otherwise the data gets mangled by the filters.
    Authors: - stinko <vinnie@metasploit.com>
  • MS00-094 Microsoft IIS Phone Book Service Overflow
    Disclosure Date: 2000-12-04
    First seen: 2020-04-26
    exploit/windows/isapi/ms00_094_pbserver
    This is an exploit for the Phone Book Service /pbserver/pbserver.dll described in MS00-094. By sending an overly long URL argument for phone book updates, it is possible to overwrite the stack. This module has only been tested against Windows 2000 SP1.
    Authors: - aushack <patrick@osisecurity.com.au>
  • DNS Amplification Scanner
    First seen: 2020-04-26
    auxiliary/scanner/dns/dns_amp
    This module can be used to discover DNS servers that expose recursive name lookups, which can be used in an amplification attack against a third party.
    Authors: - xistence <xistence@0x90.nl>
8 Metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers. Visit the Metasploit web site for more details.