Metasploit mailing list archives

MS03-051

From: hdm at metasploit.com (H D Moore)
Date: Wed, 6 Sep 2006 12:58:22 -0500

The way around those limitations is to use Meterpreter as the payload. The 
exploit itself shouldn't be responsible for anything that happens after 
code execution starts. When exploiting ISAPI bugs on IIS 5.1, you have to 
use Meterpreter (and the 'revert' command) to actually get a command 
shell, since the IUSR account doesn't have access to cmd.exe, but the 
IWAM account does.

Glad to see that people care about this stuff :-)

-HD

On Wednesday 06 September 2006 12:52, Greg Linares wrote:

Oh well, yeah that iis_fp30reg_chunked exploit has its limitations, I
think it just runs code in the context of IUSR_BROWSER, although there
is a plethora of pipe-hijacking\privlidge escalation code that could be
ran in conjuction with it.

Current thread:

MS03-051 jack ciabatta (Sep 06)
- MS03-051 Pusscat (Sep 06)
  - MS03-051 encrypted code (Sep 06)
    - MS03-051 Greg Linares (Sep 06)
- MS03-051 H D Moore (Sep 06)
  - MS03-051 Greg Linares (Sep 06)
    - MS03-051 H D Moore (Sep 06)
    - MS03-051 Greg Linares (Sep 06)
    - MS03-051 Rhys Kidd (Sep 06)
    - MS03-051 H D Moore (Sep 06)
    - MS03-051 Nicolas RUFF (Sep 14)