Bugtraq mailing list archives

MS01-026 - proof of concept - Followup


From: Filip Maertens <filip () securax be>
Date: Wed, 16 May 2001 09:57:19 +0200

A few remarks,

The following topics tackle some comments made through private
e-mail.  Just clarification.

NOT UNICODE - This is not 100% unicode we are talking about.  This is
the vulnerability as discovered by NSFOCUS Security
Advisory (SA2001-02).  This has been documented by Microsoft as
MS01-026 and can also be found at CERT (CERT® Advisory CA-2001-12).
Please read the history in the advisory to get a full update on the
whereabouts of this vulnerability.  This five-minute code snippet is
meant to provide an easy-to-use testing interface for your IIS
webservers.  Nothing more, nothing less.


CRIPPLED : Seems I've been sending the backup code I had on my Windows
machine instead of the working one on my OpenBSD testing machine.  It
will spit out an error code; everyone with even pre-basic C
knowledge will know how to solve this.  However, simply put brackets on
the if instruction like this:

  if (strstr(recvbuffer, "404") == NULL) {
      /* no "404" in what was received so far: dump the rest of the reply */
      while (recv(create_socket, recvbuffer, 1, 0) > 0) {
          printf("%c", recvbuffer[0]);
      }
  } else {
      printf(" -- Wrong command processing. \n");
  }


PROOF OF CONCEPT - Tool or weapon?  I guess everyone gets these
discussions now and then, and I don't even want to go that way.  The
advisory is very clear, the patch is there...  I do not see any harm in
having a quick'n'dirty interface for this vulnerability on this
advisory.  Mind you, anyone with a netcat can pull off the exact same
thing.  Hence the fact it's even a waste of time wasting C on this one,
but it just happened I had to write this one for testing purposes on our
own IIS testing machines, and I didn't feel like opening a netcat
connection and manually typing the GET request.  There is no logic, I
know... :-)



Cheers,
</filip>
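Editor's note on the snippet above: the posted test decides "vulnerable or not" by running strstr() for "404" over whatever bytes happened to land in recvbuffer, which matches the substring anywhere in the reply, not just in the status line. The following added example (not part of the original post or the author's tool, and making no network connection) parses the status code from the status line of a raw HTTP response and contrasts it with the substring check, using constructed sample responses so it runs offline. Any test harness that classifies a server by its response should key on the parsed status code, not on a substring of the buffer.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Parse the status code from the first line of a raw HTTP response.
 * Returns the three-digit code, or -1 if the status line is malformed.
 * Only the status line is examined, so a "404" that happens to appear
 * in a header value or in the body does not affect the result. */
int http_status_code(const char *response)
{
    /* status line: HTTP/<major>.<minor> SP <3 digits> SP <reason> CRLF */
    if (strncmp(response, "HTTP/", 5) != 0)
        return -1;
    const char *p = strchr(response, ' ');
    if (p == NULL)
        return -1;
    p++;
    if (!isdigit((unsigned char)p[0]) || !isdigit((unsigned char)p[1]) ||
        !isdigit((unsigned char)p[2]))
        return -1;
    /* the code must be followed by a space or by the end of the line */
    if (p[3] != ' ' && p[3] != '\r' && p[3] != '\n' && p[3] != '\0')
        return -1;
    return (p[0] - '0') * 100 + (p[1] - '0') * 10 + (p[2] - '0');
}

/* The check the posted snippet performs: "404" anywhere in the buffer. */
int naive_looks_like_404(const char *response)
{
    return strstr(response, "404") != NULL;
}

/* Constructed sample responses (not captured from any real server). */
static const char RESP_OK_WITH_404_IN_BODY[] =
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/plain\r\n"
    "Content-Length: 24\r\n"
    "\r\n"
    "Record 404 processed OK\n";

static const char RESP_NOT_FOUND[] =
    "HTTP/1.1 404 Object Not Found\r\n"
    "Content-Length: 0\r\n"
    "\r\n";

static const char RESP_GARBAGE[] = "not an http response at all";

int main(void)
{
    const char *samples[] = { RESP_OK_WITH_404_IN_BODY, RESP_NOT_FOUND, RESP_GARBAGE };
    const char *labels[]  = { "200 with '404' in body", "real 404", "garbage" };

    for (int i = 0; i < 3; i++) {
        printf("%-24s  parsed status: %4d  strstr(\"404\") says 404: %s\n",
               labels[i], http_status_code(samples[i]),
               naive_looks_like_404(samples[i]) ? "yes" : "no");
    }
    return 0;
}
```

Running it shows the first sample parsed as 200 while the substring check reports a 404, which is exactly the misclassification the posted one-byte recv() loop is exposed to; the garbage sample yields -1 rather than a guess.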

