msadc.pl version 2
msadc.pl version 1
Original RDS advisory

-------------------------------------------------------

msadc/RDS exploit version 2

New features include:

- UNC support. This has only been tested with Windows 95 shares...NT may cause authentication wackiness. Use -u \\server\share\file.mdb. Also, on unix boxen, don't forget you have to escape the '\', so it would look like \\\\server\\share\\file.mdb. Also have not tested with Samba. Let me know if you have good/bad results.

- Win 95 support. Use -w to use command /c instead of cmd /c.

- Slimmed down the query process. Before it would query to determine if it was using Access driver, then create a table called 'AZZ', and then try to use this 'AZZ' table for the exploit. This left obvious leftovers (tables named 'AZZ') on the server. Now it just queries MSysModules firsthand, which cuts down the steps and stops leaving evidence. However, this may not always work. Use the -c switch for backwards compatibility (3 step process). I would run normal, and if nothing works, try it again with the -c switch.

- Only run a certain step. Use the -s switch to specify which step to run. For those of you itching to try the new UNC support, you can run it immediately (normally it's step 5), by running:

    ./msadc.pl -h -u -s 5

IMPORTANT NOTE: The new scan method (querying MSysModules), while less noisy, is also less supported. If using version 2.0, and you can't get it to work, make sure to rescan using the -c (backwards compatibility) switch. You may get better results (i.e. success rather than failure). I do not plan to update the tool...between the two, you should get by just fine. It doesn't have to be perfectly automated. :)
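
For defenders, the strings named above (the 'AZZ' table, the MSysModules query, the cmd /c and command /c prefixes, a UNC path to an .mdb) work as indicators. The sketch below is an added example, not part of the original page or of msadc.pl: it scans captured request bodies for them. The capture format (source, raw body), the labels, the sample records and the NUL-stripping step are assumptions.

```python
import re

# Indicator strings come from the page; the labels and regexes are this example's own.
INDICATORS = {
    "azz_table": re.compile(r"\bAZZ\b", re.I),                  # table left by the 3-step (-c) method
    "msysmodules_query": re.compile(r"\bMSysModules\b", re.I),  # direct query of the default method
    "nt_shell": re.compile(r"\bcmd\s+/c\b", re.I),              # NT command prefix
    "win95_shell": re.compile(r"\bcommand\s+/c\b", re.I),       # Windows 95 prefix (-w)
    "unc_mdb": re.compile(r"\\\\[^\\\s]+\\[^\\\s]+\\\S+?\.mdb", re.I),  # \\server\share\x.mdb (-u)
}

def normalise(body):
    # Assumption: a body may carry wide (UTF-16LE) text; dropping NUL bytes
    # makes ASCII indicators searchable in either encoding.
    return body.replace(b"\x00", b"").decode("latin-1")

def scan(body):
    """Return the sorted indicator labels found in one raw request body."""
    text = normalise(body)
    return sorted(name for name, rx in INDICATORS.items() if rx.search(text))

def triage(records):
    """records: iterable of (source, body bytes). Returns {source: [labels]} for sources with hits."""
    summary = {}
    for src, body in records:
        hits = scan(body)
        if hits:
            summary.setdefault(src, set()).update(hits)
    return {src: sorted(found) for src, found in summary.items()}

# Constructed sample capture (documentation addresses, placeholder payload text).
SAMPLE = [
    ("192.0.2.10", b"<constructed> MSysModules <constructed> cmd /c <constructed>"),
    ("192.0.2.10", "<constructed> AZZ <constructed> command /c <constructed>".encode("utf-16-le")),
    ("198.51.100.7", b"ordinary form post, nothing of interest"),
    ("203.0.113.5", rb"<constructed> \\fileserver\share\file.mdb <constructed>"),
]

if __name__ == "__main__":
    for source, labels in triage(SAMPLE).items():
        print(source, labels)
```

A hit on azz_table means the databases behind that server should be checked for a leftover table of that name, since the 3-step method leaves one. A hit on unc_mdb points to a database referenced on a remote share.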