Cluster details: [EXPLOIT] LSASS / DCE RPC exploit: Mainz/Bielefeld Shellcode (445/TCP)

Name: [EXPLOIT] LSASS / DCE RPC exploit: Mainz/Bielefeld Shellcode (445/TCP)
Date: 2010-10-14 21:31:14
Classification Level: Attack
Core: [EXPLOIT] LSASS / DCE RPC exploit: Mainz/Bielefeld Shellcode (445/TCP)
Ports: 445/TCP
Unique Sip: 21
Signature size: 163
Super signature:
alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"[EXPLOIT] LSASS / DCE RPC exploit: Mainz/Bielefeld Shellcode (445/TCP)"; flow:to_server,established; content:"|00 00 00 a4 ff|SMBs|00 00 00 00 18 07 c8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff fe 00 00|"; content:"|0c ff 00 a4 00 04|"; content:"|00 00 00 00 00 00 00| |00 00 00 00 00 d4 00 00 80|i|00|NTLMSSP|00 01 00 00 00 97 82 08 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00|"; content:"|00|i|00|n|00|d|00|o|00|w|00|s|00| |00|2|00|0|00|0|00|0|00| |00|2|00|1|00|9|00|5|00 00 00|"; content:"|00|i|00|n|00|d|00|o|00|w|00|s|00| |00|2|00|0|00|0|00|0|00| |00|5|00|.|00|0|00 00 00 00 00|";)