-------------------------------------------------------

---msadc/RDS exploit version 2
New features include:

- UNC support. This has only been tested with Windows 95 shares...NT
  may cause authentication wackiness. Use -u \\server\share\file.mdb.
  Also, on unix boxen, don't forget you have to escape the '\', so it
  would look like \\\\server\\share\\file.mdb. Also have not tested
  with Samba. Let me know if you have good/bad results.

- Win 95 support. Use -w to use command /c instead of cmd /c.

- Slimmed down the query process. Before it would query to determine
  if it was using Access driver, then create a table called 'AZZ', and
  then try to use this 'AZZ' table for the exploit. This left obvious
  leftovers (tables named 'AZZ') on the server. Now it just queries
  MSysModules firsthand, which cuts down the steps and stops leaving
  evidence. However, this may not always work. Use the -c switch for
  backwards compatibility (3 step process). I would run normal, and if
  nothing works, try it again with the -c switch.

- Only run a certain step. Use the -s switch to specify which step to
  run. For those of you itching to try the new UNC support, you can
  run it immediately (normally it's step 5), by running:

      ./msadc.pl -h <host> -u <unc path> -s 5

IMPORTANT NOTE:

The new scan method (querying MSysModules), while less noisy, is also
less supported. If using version 2.0, and you can't get it to work,
make sure to rescan using the -c (backwards compatibility) switch. You
may get better results (i.e. success rather than failure).

I do not plan to update the tool...between the two, you should get by
just fine. It doesn't have to be perfectly automated. :)
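
Added example, not part of msadc.pl or the original page: a defender-side check for the traces the notes above describe (the 'AZZ' table from the three-step process, the MSysModules query, command /c or cmd /c, and a UNC path to an .mdb). The trace-line format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Indicator strings come from the release notes above; the trace-line
# format they are searched in is an assumption of this example.
INDICATORS = {
    "compat_scan_table": re.compile(r"\b(?:create\s+table|from|into)\s+AZZ\b", re.I),
    "direct_scan_msysmodules": re.compile(r"\bfrom\s+MSysModules\b", re.I),
    "shell_invocation": re.compile(r"\b(?:cmd|command)\s+/c\b", re.I),
    "unc_database_path": re.compile(r"\\\\[\w.$-]+\\[\w.$-]+\\\S*\.mdb\b", re.I),
}


def scan_trace(lines):
    """Return [(line_number, [indicator names])] for every matching line."""
    hits = []
    for number, line in enumerate(lines, 1):
        names = [name for name, rx in INDICATORS.items() if rx.search(line)]
        if names:
            hits.append((number, names))
    return hits


def leftover_tables(table_names):
    """Tables named 'AZZ' are what the three-step (-c) process leaves behind."""
    return [t for t in table_names if t.strip().upper() == "AZZ"]


# Constructed sample trace (not captured traffic, placeholders throughout).
SAMPLE_TRACE = [
    "SELECT OrderID FROM Orders WHERE CustomerID = 'ALFKI'",
    "CREATE TABLE AZZ (A int)",
    "SELECT * FROM AZZ",
    "SELECT * FROM MSysModules WHERE x = 'PLACEHOLDER cmd /c PLACEHOLDER'",
    r"CONNECT dbq=\\host.example\share\file.mdb",
]

if __name__ == "__main__":
    for number, names in scan_trace(SAMPLE_TRACE):
        print(f"line {number}: {', '.join(names)}")
    print("leftover tables:", leftover_tables(["Customers", "azz", "Orders"]))
```

The table-name check only catches the three-step process; the direct MSysModules query leaves no table behind, so it shows up only where statements are being logged.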
