Penetration Testing mailing list archives
question regarding w3who.dll bug
From: "Martin Bernhard" <woas_nix () gmx net>
Date: Fri, 14 Jan 2005 09:49:47 +0100 (MET)
Hi, As one of our clients is running some IIS web servers with w3who.dll on them, I figured that this would be a good place to start our pen test. Unfortunately, the exploit in the new release of the Metasploit Framework did not work on the most important servers (Windows 2000). I have access to a test system that gives me the opportunity to analyze the bug in detail, but I cant figure out what parts in memory are overwritten. Does anybody know what exactly I have to do to trigger the bug and analyze it (Im using ollydbg)? Any help is much appreciated -- +++ Sparen Sie mit GMX DSL +++ http://www.gmx.net/de/go/dsl AKTION für Wechsler: DSL-Tarife ab 3,99 EUR/Monat + Startguthaben
Current thread:
- question regarding w3who.dll bug Martin Bernhard (Jan 14)
- Re: question regarding w3who.dll bug H D Moore (Jan 15)