Full Disclosure mailing list archives

Re: Unusual request


From: Laurent LEVIER <llevier () argosnet com>
Date: Thu, 13 Feb 2003 12:57:52 +0100

> I am looking for an exploit that will give you "root" on an unpatched IIS box by simply typing a string in the address line in your browser.

Paul,

I understand 2 possibilities:

#1 - You wish to exploit an already existing vulnerability of IIS. Then some of:
        - IIS .HTR (MS bulletin MS02-028)
        - ISAPI (http://www.microsoft.com/technet/security/bulletin/ms02-018.asp)
        - IIS BoF (http://www.microsoft.com/technet/security/bulletin/ms99-019.asp)
        - Frontpage (http://www.nsfocus.com/english/homepage/sa01-03.htm)
        - ISAPI II (http://www.microsoft.com/technet/security/bulletin/ms01-044.asp)
might be used. Some of them can be done with a simple URL as the infamous Nimda/CodeRed did some months ago.

#2 - You are talking about a programming error coming from a cgi/asp/php/... page leading to a "root compromise". In that case, it is different, you have hundreds of software packages with such errors and that's yours to decide which one will have your preference.

Notice in both cases the compromise is not necessarily "root" but only "http daemon user privileges" compromise. In most Windows boxes, it means System (which is definitely powerful enough to do many bad things).

Brgrds

Laurent LEVIER
IT Systems & Networks Security Expert



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

