Penetration Testing mailing list archives

IIS 5.0 Privilege Escalation Exploit (Entercept Advisory)


From: H D Moore <hdm () secureaustin com>
Date: Tue, 21 Aug 2001 09:42:05 -0500

Code:
http://www.digitaloffense.net/iiscrack/

This is the exploit for the Entercept advisory:
http://www.entercept.com/news/uspr/08-15-01.asp

The details:
1. Create an ISAPI Extension DLL
2. Have the DLL call RevertToSelf()
3. Rename DLL to a "trusted" name (httpodbc.dll)
4. Stick in the scripts directory and instant SYSTEM access.

Look at the readme file in the zip (and the _extracted_ directory) for usage.

-- 
H D Moore
http://www.digitaldefense.net - work
http://www.digitaloffense.net -  play

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
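
A defender-side check for the condition described in the post above, as an added example that is not part of the original message or of the iiscrack archive: it lists files in web-executable directories that carry a privileged ISAPI name and compares each one with the reference copy. Only the name httpodbc.dll comes from the post; the directory paths and function names are assumptions.

```python
import hashlib
import os

# Name taken from the post; extend with the privileged ISAPI names set on your server.
TRUSTED_NAMES = {"httpodbc.dll"}

def sha256_of(path):
    """Hash a file in chunks so large DLLs are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def find_impostors(web_dirs, genuine_dir, trusted_names=TRUSTED_NAMES):
    """Return sorted (path, verdict) pairs for trusted-name files under web_dirs."""
    names = {n.lower() for n in trusted_names}  # Windows file names ignore case
    genuine = {}
    if os.path.isdir(genuine_dir):
        for entry in os.listdir(genuine_dir):
            if entry.lower() in names:
                genuine[entry.lower()] = sha256_of(os.path.join(genuine_dir, entry))
    findings = []
    for root_dir in web_dirs:
        for dirpath, _dirs, files in os.walk(root_dir):
            for name in files:
                key = name.lower()
                if key not in names:
                    continue
                path = os.path.join(dirpath, name)
                if key not in genuine:
                    verdict = "no-reference-copy"
                elif sha256_of(path) == genuine[key]:
                    verdict = "copy-of-genuine"
                else:
                    verdict = "content-differs"  # same trusted name, different code
                findings.append((path, verdict))
    return sorted(findings)

if __name__ == "__main__":
    # Hypothetical locations (assumptions); adjust for the server being audited.
    for path, verdict in find_impostors([r"C:\Inetpub\scripts"],
                                        r"C:\WINNT\system32\inetsrv"):
        print(verdict, path)
```

Any hit is worth reviewing, since a trusted-name DLL has no reason to sit in a directory where web users can execute it; "content-differs" is the case that matches the renamed DLL in steps 1 to 4.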

