Penetration Testing mailing list archives

[PEN-TEST] admin rights on an IIS 5.0 with unicode bug?

From: Renato Ettisberger <renato.ettisberger () CH PWCGLOBAL COM>
Date: Sun, 25 Mar 2001 17:38:01 +0200

Hi,

I'm doing a pen test and I found a IIS 5.0 (Win2k) with the Unicode bug.

As you know, there is a way to span a shell with admin rights on a IIS 4.0
with the Unicode bug.
I ask me, if there is a way to gain admin rights on an IIS 5.0, Win2k with
the Unicode bug too?

If I'm able to dump the password hash in crude form, how can I crack the
password?

F:0x020020000000000000000000....
V:0x00000000a800000......

If you have any suggestions or ideas, please let me know.

regards

Renato Ettisberger

----------------------------------------------------------------
The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material.  Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited.   If you received
this in error, please contact the sender and delete the material from any
computer.

Current thread:

[PEN-TEST] admin rights on an IIS 5.0 with unicode bug? Renato Ettisberger (Mar 25)
- Re: [PEN-TEST] admin rights on an IIS 5.0 with unicode bug? Nelson Brito (Mar 26)
  - Re: [PEN-TEST] admin rights on an IIS 5.0 with unicode bug? Nelson Brito (Mar 26)
- <Possible follow-ups>
- Re: [PEN-TEST] admin rights on an IIS 5.0 with unicode bug? Wertheimer, Ishai (Mar 25)
  - Re: [PEN-TEST] admin rights on an IIS 5.0 with unicode bug? H D Moore (Mar 25)
- Re: [PEN-TEST] admin rights on an IIS 5.0 with unicode bug? Renato Ettisberger (Mar 27)
  - Re: [PEN-TEST] admin rights on an IIS 5.0 with unicode bug? Nelson Brito (Mar 27)
- Re: [PEN-TEST] admin rights on an IIS 5.0 with unicode bug? Renato Ettisberger (Mar 28)
- Re: [PEN-TEST] admin rights on an IIS 5.0 with unicode bug? robmann (Mar 28)