Exploit: Head-2-head – H D Moore and Matthew Murphy (MS06-006)

apparently, both h d moore and our very own matthew murphy worked all night to write working exploit code for ms06-006.

head to head they coded, and we honestly can’t tell who wrote the first working code!

h d moore’s code can be found here.
matthew murphy’s code can be found here.

both guys are amazing and h d moore as always know more than most of us put together. we think that matthew’s code however is universal and he is the first who hit the lists with full code.

his code should work on nt/2000/xp/2003, pretty much anything and everything windows media that is vulnerable.

that was not even 2 days for a not (that) trivial to exploit vulnerability. lucky for us there are responsible researchers such as these to help us in the security world do our job, as those on the dark path have their own resources while we deal with legal b/s from people who jdgi. just don’t get it.

update:
sunshine asked us to update that both these cool guys mentioned they used techniques by skylined. thanks skylined!

(got anything to tell ren&stimpy? email us: rennstimpy@securiteam.com)

Share
  • http://www.securinfos.info JA

    I want to thanks these guys to learn us a lot.
    BIG job guys!

    Keep it up

  • http://blogs.securiteam.com/index.php/archives/author/mattmurphy/ Matthew Murphy

    It’s not quite universal — it works on Firefox 1.5/1.0, WMP 7.1-10.0, Windows NT/2000/XP/2003. Opera messes with it, though, according to the test HD ran on it with my code.