Penetration Testing mailing list archives
Re: IIS HTR Exploit ?
From: "Vitaly Osipov" <witt () iol ie>
Date: Thu, 20 Jun 2002 18:57:40 +0100
----- Original Message ----- From: <r00t () online ie>
Please Please help .... Calling all b-hats, please pass me your BID:4855 IIS5.0 W2k exploits.
Heh, so that you can successfully charge your pen-test customers? :)

Speaking seriously, I think there is none at the time - heap overflows are veeeeeeery difficult to exploit (compared to stack-related buffer overflows, where there is an almost standard procedure). If anybody *does* have an exploit code, they are probably folks from eEye and from NGS Software, who discovered the vulnerability recently. DoS thing would be much easier to accomplish I guess - it's much easier to destroy heap structures blindly than trying to overwrite them on purpose...

One theoretical way of exploiting might be through structured exceptions handling - http://online.securityfocus.com/archive/82/277162/2002-06-17/2002-06-23/2

Regards,
Vitaly Osipov, CISSP etc :)
Thank you kindly
Mark

Quoting Erik Birkholz <erik () foundstone com>:

There are HTR exploits. eEye has been droppin them since blackhat 1999; at the Venetian (alarms and all)

Ahhh the good ole days

If you mean the new sploit, please specify the BID so we know what you are talking about =-)

Erik Pace Birkholz, CISSP
Principal Consultant - FOUNDSTONE
323 252 5916

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- IIS HTR Exploit ? r00t (Jun 18)
- <Possible follow-ups>
- Re: IIS HTR Exploit ? r00t (Jun 19)
- Re: IIS HTR Exploit ? Vitaly Osipov (Jun 20)