Stunnel / Unitools / IIS Question

["Steven Kieffer" <skieffer () ebiz-tech com>]

I've got a problem.  I've used the handy dandy unitools (by Roelof
Temmingh), Unicodeloader.pl script to upload its upload.asp and upload.inc
files to the victim IIS server with the various IIS folder traversal
vulnerabilities.  This worked like a charm every time via port 80.

I now have a client with an IIS server on port 443 with the msadc.dll
vulnerability.  I was able to take advantage of the vulnerability to copy
cmd.exe into the /scripts directory.  We modified the Unicodeloader.pl
script to use the now available cmd.exe.

In order to run the utility, I attach via Stunnel.  The upload works and
both the upload.asp and the upload.inc get up the IIS servers webroot.  The
only problem is that in the transferred upload.inc script, every instance of
+ is replaced with a space.

Not sure why this is happening.  All I know is that when I upload the
upload.inc file via straight port 80 it's fine and going through Stunnel the
+ is replaced with a space.

My goal is to get Netcat up there (of course).

Does anybody know what Is going on here and what I can do to get around it?


Steven Kieffer, CISSP


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/