Vulnerability Development mailing list archives
Re: iishack/tesoiis.c - What's wrong ?
From: benettor () VOLCANO GEO AUTH GR (The Underground Legendary Emperor)
Date: Wed, 5 Jan 2000 00:46:47 +0200
It has to do with the trojan. Sometimes a firewall doesn't allow to connect. Try sending a lame trojan, i.e. netbus/BO server instead of ncx.exe. Configure it on a high port such as 52000. You'll get the answer. Crashing the remote server means vulnerability, and vulnerability is bad :} Ben On Mon, 3 Jan 2000, Seth Georgion wrote:
I have had the same problems but I haven't used the teso version. My only guess is that some servers have a Firewall in front of them set to deny outbound connections. From what I understand, and I defer to others, the exploit code forces the server to make an outbound request for the file. I think, and I'm really not sure, that this is designed so that the file can be anything you choose that you can serve. If this is the case than we all would be eternally grateful if someone could modify the source so that it sends a file in the same folder as iishack with an already specified name. Thus the program could automatically send the file hack.exe and you could just place the file you want to send, renamed to hack.exe, in the same folder. The other thing that I think might be going on is that the server is designed or the router set up so that no traffic is allowed to port 99 or any port other than 80 thus no workey, also, stupidly enough, ncx is hacked to only honor the first connection with the terminal so if you're using it on your site and getting connection requests at the same time it will drop the terminal to another connection request, i.e. a home user with a browser that won't see anything anyway. Someone should also change the version of ncx so it's passed with the argument to stay active. I wish I could write the code but then isn't that what vuln-dev is for? -----Original Message----- From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM]On Behalf Of Ory Segal Sent: Monday, January 03, 2000 5:12 AM To: VULN-DEV () SECURITYFOCUS COM Subject: iishack/tesoiis.c - What's wrong ? Hello, While trying to make both codes work, the first on NT+IIS And the second from a Linux box , I get the same results, The Remote server crashes, but no code is sent and uploaded, does anyone has a clue of how can I fine-tune these codes ? or maybe send me a perfectly working one, Preferably for Linux ? Thanks.
Current thread:
- Unix * weirdness Blue Boar (Jan 01)
- Re: Unix * weirdness Yong S. Yi (Jan 01)
- Re: Unix * weirdness Forever shall I be. (Jan 01)
- Re: Unix * weirdness Blue Boar (Jan 01)
- Re: Unix * weirdness Warner Losh (Jan 01)
- Re: Unix * weirdness Bernie Cosell (Jan 01)
- Re: Unix * weirdness Blue Boar (Jan 01)
- iishack/tesoiis.c - What's wrong ? Ory Segal (Jan 03)
- Re: iishack/tesoiis.c - What's wrong ? Seth Georgion (Jan 03)
- Re: iishack/tesoiis.c - What's wrong ? The Underground Legendary Emperor (Jan 04)
- Re: Unix * weirdness Blue Boar (Jan 01)
- Re: Unix * weirdness Blue Boar (Jan 01)
- <Possible follow-ups>
- Re: Unix * weirdness Pierre Belanger (Jan 01)
- Re: Unix * weirdness Scott Hardy (Jan 01)
- Re: Unix * weirdness Antonomasia (Jan 01)