MS04-011: Hacktool.LsassSba (another hackers tool)
Hacktool.LsassSba is a hacktool that takes advantage of the LSASS Vulnerability (described in Microsoft Security Bulletin MS04-011) to provide an attacker with a command shell on a remote computer.
When Hacktool.LsassSba is executed, it sends a specially crafted exploit string to an IP address specified by the attacker. This string attempts to exploit the LSASS Vulnerability (described in Microsoft Security Bulletin MS04-011), targeting TCP ports 137, 138, 139 and 445.
If successful, the hacktool opens a command shell on the targeted computer and then connects back to a specified IP and port (this is TCP port 1234 by default). Once this process is complete, the attacker will have administrative access to the compromised computer.