Re: dcom on wyse WinCE systems

From: James Fields (jvfields@tds.net)
Date: Thu Oct 09 2003 - 17:49:40 EDT


Sorry I can't answer the question directly. However as an anecdote, let me
tell you we have deployed a bunch of Wyse terminals running XP Embedded for
teleworkers. A bunch of them got hit with the following virus:

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_WOMANIZ.A&VSect=T

This thing did some nasty things to their web browsers and also opened up
IRC connections to a hacker-infested chat server. While investigating the
security level of the Wyse terminals after that, we found a lot of holes.
A Nessus scan found a bunch of things, many of which at least crashed the
terminals. They also come with VNC loaded on them with a default password
of "wyse." Fun, huh?

----- Original Message -----
From: "cdowns" <cdowns@drippingdead.com>
To: <pen-test@securityfocus.com>
Sent: Tuesday, October 07, 2003 11:25 AM
Subject: dcom on wyse WinCE systems

> Does anyone know if this is remotely exploitable? I have not seen any
> information on Wyse WinCE Winterms in the past. Here is a reference
> link to the device setup I'm talking about.
>
> http://www.wyse.com/products/winterm/index.htm
>
> Thanks All.
>
> ~!>D
>
>
> --
> - DrippingDead Films -
> downs@drippingdead.com
> http://www.drippingdead.com
> Key fingerprint = 56ED 70FC AF9D 3D98 C908 90F9 D93E 0CA7 290E EE37
>
>


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:41 EDT