Metasploit mailing list archives
iis50_printer_overflow
From: unknown.pentester at gmail.com (pagvac)
Date: Thu, 9 Mar 2006 23:55:22 +0000
After printf-ing the sploit[] buffer from [http://personal.telefonica.terra.es/web/alexb/e/jill.c], I noticed that there seems to be an HTTP header in the request called "Beavuh:". Is this something related to the IPP protocol, or is it simply something the exploit writer added as a "signature" (made-up HTTP header with the hacker's group name?). If it's made up, was it added to fill a required number of bytes in memory? The HTTP request looks similar to this:

GET /NULL.printer HTTP/1.0
Beavuh: [buffer_here]
Host: [buffer_here]

On 3/4/06, Dave Killion <dave.killion at gmail.com> wrote:

Sonixxfx,

While I don't have much to offer on exploit-writing in general, I do remember when this issue came out, those many years ago. The original jill.c was the first 'kiddie-script-exploit' that I got working effectively against remote targets. Here's all the info I can remember about this issue - I don't know how much of it you already have:

http://www.microsoft.com/technet/security/bulletin/ms01-023.asp
http://archives.neohapsis.com/archives/bugtraq/2001-05/0006.html
http://www.securityfocus.com/bid/2674/discuss
http://www.cert.org/advisories/CA-2001-10.html
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2001-0241

Here's a link to the exploit C code I mentioned:

http://personal.telefonica.terra.es/web/alexb/e/jill.c

Maybe looking through it, despite your lack of C knowledge, will help some. It really is compile-and-own script-kiddie-friendly code. I hope these help...

--
Dave Killion, CISSP
Contributing Author, Configuring NetScreen Firewalls

On 3/3/06, Sonixxfx <sonixxfx at gmail.com> wrote:

It seems to me it would be good to do additional reading on this subject. I have seen some interesting things under the links section on the Metasploit website. Please let me know about other material I should read, especially if it would be a good addition to Vinnie Liu's Chapter. Thanks.

Regards,
Ben
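A defender-side check for the request shape discussed in this thread, added here as an example and not code from the list or from jill.c: it parses a raw HTTP request and flags requests to the .printer ISAPI extension that carry an overlong header value or a header name outside an expected set. The length threshold, the header allow-list and the two sample requests are constructed assumptions to tune for your environment.

```python
# Constructed sample requests (not captured traffic): one ordinary request
# to the .printer ISAPI extension and one shaped like the request in the
# thread, with an overlong Host value and an unexpected "Beavuh:" header.
BENIGN = (
    "GET /printers/lp1/.printer HTTP/1.0\r\n"
    "Host: printserver.example\r\n\r\n"
)
SUSPECT = (
    "GET /NULL.printer HTTP/1.0\r\n"
    "Beavuh: " + "A" * 64 + "\r\n"
    "Host: " + "A" * 500 + "\r\n\r\n"
)

# Assumed threshold: a legitimate Host value is far shorter than this.
MAX_HEADER_VALUE = 256
# Assumed allow-list of header names a print client is expected to send.
KNOWN_HEADERS = {"host", "user-agent", "accept", "content-length",
                 "content-type", "connection"}


def parse_request(raw):
    """Split a raw HTTP/1.0 request into (method, path, {lowercased header: value})."""
    head, _, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return method, path, headers


def flag_printer_request(raw):
    """Return reasons this request looks like MS01-023 abuse; empty list if clean."""
    _method, path, headers = parse_request(raw)
    reasons = []
    if not path.lower().endswith(".printer"):
        return reasons  # only the .printer ISAPI extension is in scope
    for name, value in headers.items():
        if len(value) > MAX_HEADER_VALUE:
            reasons.append(f"overlong {name} header ({len(value)} bytes)")
        if name not in KNOWN_HEADERS:
            reasons.append(f"unexpected header {name!r} on .printer request")
    return reasons
```

Run the same function over each request line pulled from the IIS logs or a proxy capture; a non-empty result is worth an alert rather than a block, since an oversized header alone is not proof of exploitation.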