Penetration Testing mailing list archives
Re: [PEN-TEST] admin rights on an IIS 5.0 with unicode bug?
From: "Wertheimer, Ishai" <iwertheimer () KPMG COM>
Date: Sun, 25 Mar 2001 13:55:43 -0500
You can upload this nice asp file by Maceo to the server, and then easily type net localgroup administrators iusr_servername /add, and you are admin (I suppose that if the security configuration isn't too tight, you'll manage to do that).

Cheers,
Ishai Wertheimer

-----Original Message-----
From: Renato Ettisberger [mailto:renato.ettisberger () CH PWCGLOBAL COM]
Sent: Sunday, March 25, 2001 5:38 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] admin rights on an IIS 5.0 with unicode bug?

Hi,

I'm doing a pen test and I found an IIS 5.0 (Win2k) with the Unicode bug. As you know, there is a way to spawn a shell with admin rights on an IIS 4.0 with the Unicode bug. I ask myself whether there is a way to gain admin rights on an IIS 5.0, Win2k with the Unicode bug too.

If I'm able to dump the password hash in crude form, how can I crack the password?

F:0x020020000000000000000000....
V:0x00000000a800000......

If you have any suggestions or ideas, please let me know.

regards
Renato Ettisberger
Attachment: cmd.asp