Penetration Testing mailing list archives
Re: IIS HTR Exploit ?
From: <r00t () online ie>
Date: Wed, 19 Jun 2002 09:45:13 +0100
Sorry bout this second message: Some PPL want specific bid numbers: Well here it is: 4855 Like I said the only thing close to a working exploit (that I am aware of) is the eeye sample code. However all this code does is, proves a host is vulnerable. There are one or two others as well, but they dont got shellcode = t aint gonna work. Please Please help .... Calling all b-hats, please pass me your BID:4855 IIS5.0 W2k exploits. Thank you kindly Mark Quoting Erik Birkholz <erik () foundstone com>:
There are HTR expolits. Eeye has been droppin them since blackhat 1999; at the venetion (alarms and all) Ahhh the good ole days If you mean the new sploit, please specify the BID so we know what you are talking about =-) Erik Pace Birkholz, CISSP Principal Consultant - FOUNDSTONE 323 252 5916
---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- IIS HTR Exploit ? r00t (Jun 18)
- <Possible follow-ups>
- Re: IIS HTR Exploit ? r00t (Jun 19)
- Re: IIS HTR Exploit ? Vitaly Osipov (Jun 20)