Full Disclosure mailing list archives
Re: Unusual request
From: Laurent LEVIER <llevier () argosnet com>
Date: Thu, 13 Feb 2003 12:57:52 +0100
> I am looking for an exploit that will give you "root" on an unpatched IIS box by simply typing a string in the address line in your browser.
Paul, I understand 2 possibilities:#1 - You wish to exploit an already existing vulnerability of IIS. Then some of:
- IIS .HTR (MS bulletin MS02-028)- ISAPI (http://www.microsoft.com/technet/security/bulletin/ms02-018.asp) - IIS BoF (http://www.microsoft.com/technet/security/bulletin/ms99-019.asp)
- Frontpage (http://www.nsfocus.com/english/homepage/sa01-03.htm)- ISAPI II (http://www.microsoft.com/technet/security/bulletin/ms01-044.asp) might be used. Some of them can be done with a simple URL as the infamous Nimda/CodeRed did some months ago.
#2 - you are talking about a programming error coming from a cgi/asp/php/... page leading to a "root compromise". In that case, it is different, you have hundreds of softwares with such errors and that's yours to decide which one will have your preference.
Notice in both cases the compromise is not necesseraly "root" but only "http daemon user privileges" compromise. In most of Windows boxes, it means System (which is definitely powerfull enough to do many bad things).
Brgrds Laurent LEVIER IT Systems & Networks Security Expert _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Unusual request Paul Schmehl (Feb 12)
- Re: Unusual request Ivan Susanin (Feb 13)
- Re: Unusual request Laurent LEVIER (Feb 13)
- Re: Unusual request Berend-Jan Wever (Feb 13)
- Re: Unusual request Day Jay (Feb 13)
- Re: Unusual request Henrik Lund Kramshøj (Feb 15)
- <Possible follow-ups>
- RE: Unusual request Sung J. Choe (Feb 12)
- Re: Unusual request yossarian (Feb 12)
- Re: Unusual request Nexus (Feb 12)
- Re: Unusual request yossarian (Feb 12)
- Re: Unusual request aeonflux (Feb 12)
- Re: Unusual request yossarian (Feb 12)
- RE: Unusual request Steve Wray (Feb 12)