Penetration Testing mailing list archives

Re: IIS HTR Exploit ?


From: "Vitaly Osipov" <witt () iol ie>
Date: Thu, 20 Jun 2002 18:57:40 +0100


----- Original Message -----
From: <r00t () online ie>


Please Please help ....

Calling all b-hats, please pass me your BID:4855 IIS5.0 W2k exploits.

Heh, so that you can successfully charge your pen-test customers? :)

Speaking seriously, I think there is none at the time - heap overflows are
veeeeeeery difficult to exploit (compared to stack-related buffer overflows,
where there is an almost standard procedure). If anybody *does* have
exploit code, they are probably folks from eEye and from NGS Software, who
discovered the vulnerability recently.

DoS thing would be much easier to accomplish I guess - it's much easier to
destroy heap structures blindly than trying to overwrite them on purpose...
One theoretical way of exploiting might be through structured exception
handling -
http://online.securityfocus.com/archive/82/277162/2002-06-17/2002-06-23/2

Regards,
Vitaly Osipov, CISSP etc :)



Thank you kindly

Mark


Quoting Erik Birkholz <erik () foundstone com>:

There are HTR exploits.  Eeye has been droppin them since blackhat
1999; at the Venetian (alarms and all)

Ahhh the good ole days

If you mean the new sploit, please specify the BID so we know what you
are talking about

=-)


Erik Pace Birkholz, CISSP
Principal Consultant - FOUNDSTONE
323 252 5916





----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/





