Metasploit mailing list archives
iis50_printer_overflow
From: dave.killion at gmail.com (Dave Killion)
Date: Thu, 9 Mar 2006 16:44:32 -0800
I'm fairly certain that was a 'props' header, but it's been so long, I honestly can't remember.

On 3/9/06, pagvac <unknown.pentester at gmail.com> wrote:

After printf-ing the sploit[] buffer from http://personal.telefonica.terra.es/web/alexb/e/jill.c, I noticed that there seems to be an HTTP header in the request called "Beavuh:". Is this something related to the IPP protocol, or is it simply something the exploit writer added as a "signature" (a made-up HTTP header with the hacker's group name)? If it's made up, was it added to fill a required number of bytes in memory? The HTTP request looks similar to this:

GET /NULL.printer HTTP/1.0
Beavuh: [buffer_here]
Host: [buffer_here]

On 3/4/06, Dave Killion <dave.killion at gmail.com> wrote:

Sonixxfx,

While I don't have much to offer on exploit-writing in general, I do remember when this issue came out, those many years ago. The original jill.c was the first 'kiddie-script-exploit' that I got working effectively against remote targets. Here's all the info I can remember about this issue - I don't know how much of it you already have:

http://www.microsoft.com/technet/security/bulletin/ms01-023.asp
http://archives.neohapsis.com/archives/bugtraq/2001-05/0006.html
http://www.securityfocus.com/bid/2674/discuss
http://www.cert.org/advisories/CA-2001-10.html
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2001-0241

Here's a link to the exploit C code I mentioned:

http://personal.telefonica.terra.es/web/alexb/e/jill.c

Maybe looking through it, despite your lack of C knowledge, will help some. It really is compile-and-own script-kiddie-friendly code.

I hope these help...

-- Dave Killion, CISSP
Contributing Author, Configuring NetScreen Firewalls

On 3/3/06, Sonixxfx <sonixxfx at gmail.com> wrote:

It seems to me it would be good to do additional reading on this subject. I have seen some interesting things under the links section on the Metasploit website. Please let me know about other material I should read, especially if it would be a good addition to Vinnie Liu's Chapter. Thanks.

Regards,
Ben

-- Dave Killion, CISSP
Contributing Author, Configuring NetScreen Firewalls
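As an added detection-side example (not code from this thread, from jill.c, or from any of the linked advisories), the following Python parses a raw HTTP request and flags the request shape pagvac quotes above: a request for a .printer resource carrying an oversized Host header, plus any header name outside a small allow-list, which is how a made-up header such as "Beavuh:" would be reported. The sample requests, the header allow-list and the 256-byte Host threshold are constructed assumptions for illustration and should be tuned to a real environment.

```python
"""Flag HTTP requests shaped like the .printer ISAPI overflow request quoted in
the thread: GET /NULL.printer with an oversized Host header and a non-standard
header. Added detection example; the sample requests below are constructed."""

from typing import Dict, List, Tuple

# Request headers an ordinary HTTP/1.0-1.1 client sends; anything else is
# reported as unusual. ASSUMPTION: this allow-list is illustrative, tune it.
KNOWN_HEADERS = {
    "host", "user-agent", "accept", "accept-encoding", "accept-language",
    "connection", "content-length", "content-type", "cookie", "referer",
    "authorization", "cache-control", "pragma", "if-modified-since", "range",
}

# Host header length above which a .printer request is treated as suspicious.
# ASSUMPTION: a tunable value chosen well above any legitimate hostname.
HOST_LEN_THRESHOLD = 256


def parse_request(raw: bytes) -> Tuple[str, str, Dict[str, str]]:
    """Split a raw HTTP request into (method, path, headers).

    Only the head (before the blank line) is examined; header names are
    lower-cased so lookups are case-insensitive, as HTTP requires."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) < 2:
        raise ValueError("malformed request line")
    method, path = parts[0], parts[1]
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if ":" not in line:
            continue  # ignore folded or malformed header lines
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return method, path, headers


def check_request(raw: bytes) -> List[str]:
    """Return a list of findings for one request; an empty list means clean."""
    method, path, headers = parse_request(raw)
    findings: List[str] = []
    targets_printer = path.lower().endswith(".printer")
    host = headers.get("host", "")
    if targets_printer and len(host) >= HOST_LEN_THRESHOLD:
        findings.append(
            f"oversized Host header ({len(host)} bytes) on .printer request {path}"
        )
    for name in headers:
        if name not in KNOWN_HEADERS:
            findings.append(f"non-standard header {name!r}")
    return findings


# Constructed samples: one benign request and one with the shape quoted above.
BENIGN = (
    b"GET /index.html HTTP/1.0\r\n"
    b"Host: intranet.example\r\n"
    b"User-Agent: Mozilla/4.0\r\n\r\n"
)
SUSPECT = (
    b"GET /NULL.printer HTTP/1.0\r\n"
    + b"Beavuh: " + b"A" * 64 + b"\r\n"
    + b"Host: " + b"B" * 600 + b"\r\n\r\n"
)

if __name__ == "__main__":
    for label, req in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, check_request(req) or "clean")
```

The two checks are deliberately independent: the oversized-Host rule catches the overflow shape even if an attacker drops the extra header, while the unknown-header rule surfaces tool signatures like "Beavuh:" on their own, which is useful for attributing scanner traffic in web server logs.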