Penetration Testing mailing list archives

exploiting BID 529


From: m a <aznxy () yahoo com>
Date: 4 Dec 2004 19:49:13 -0000



Running a pen test on some web servers.

Some were verified to have RDS version 1.5 thus:
http://10.1.1.1/msadc/readme.txt

Here is the exploit:
http://www.securityfocus.com/bid/529/exploit/

I have tried unicode directory traversal which doesn't work.

Running msadc works
$ ./msadc.pl -h 10.1.1.1 -N
-- RDS smack v2 - rain forest puppy / ADM / wiretrip --
Machine name: NT2

I am trying to execute some cmd /c commands; however, just trying to echo >xxx a file to the default path of msadc and the wwwroot does not yield anything I can open. I am largely trying to verify that the commands work.

Even if this does work (and the default paths are changed), I am not sure what else I can do with it, considering the firewall is filtering out everything apart from 80 and 443 (some host, probably just one) inbound. I could potentially try killing the inet process and then implant nc.exe and have it take over on 80 or 443, but that would be too intrusive.

Here's some more reading on this (this guy had the benefit of unicode):
http://www.honeynet.org/scans/scan14/rfp.html

Any help much appreciated.
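The other side of the activity described in this post is what it leaves in the target's IIS logs. The script below is an added example (not part of the original post, not rfp's msadc.pl, and not code from the honeynet write-up): it classifies the three request shapes a tester doing the above produces: the GET of /msadc/readme.txt used to fingerprint the RDS version, the POST to /msadc/msadcs.dll that the RDS exploit sends, and the %c0%af-style overlong-UTF-8 directory traversal attempts. The log lines are constructed for the example and assume IIS W3C extended format with the listed fields; the `rds-recon`, `rds-smack` and `unicode-traversal` tag names are this example's own choice. One caveat worth knowing when reviewing such logs: the command passed through RDS travels in the POST body, which the W3C log does not record, so the log shows that the exploit handler was hit, not what was run; recovering the command needs a packet capture.

```python
import re
from collections import defaultdict

# Constructed sample IIS W3C extended log (fields chosen for the example;
# these are not log lines from the original post).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2004-12-04 19:40:01 10.2.2.2 GET /default.htm - 200
2004-12-04 19:40:12 10.2.2.2 GET /msadc/readme.txt - 200
2004-12-04 19:40:15 10.2.2.2 GET /scripts/..%c0%af../winnt/system32/cmd.exe /c+dir 404
2004-12-04 19:40:30 10.2.2.2 POST /msadc/msadcs.dll - 200
2004-12-04 19:40:31 10.2.2.2 POST /msadc/msadcs.dll - 200
2004-12-04 19:41:02 10.3.3.3 GET /index.html - 200
"""

# Overlong UTF-8 encodings of '/' and '\' seen in IIS unicode traversal attempts.
UNICODE_TRAVERSAL = re.compile(r"%c0%af|%c1%1c|%c1%9c", re.IGNORECASE)

# Each rule: (tag name chosen for this example, predicate over a parsed record).
RULES = [
    ("rds-recon",
     lambda r: r["cs-method"] == "GET"
     and r["cs-uri-stem"].lower() == "/msadc/readme.txt"),
    ("rds-smack",
     lambda r: r["cs-method"] == "POST"
     and r["cs-uri-stem"].lower().endswith("/msadc/msadcs.dll")),
    ("unicode-traversal",
     lambda r: UNICODE_TRAVERSAL.search(r["cs-uri-stem"]) is not None),
]


def parse_w3c(log_text):
    """Yield one dict per request line, keyed by the names in the #Fields: header.

    W3C logs encode spaces inside the query as '+', so whitespace splitting
    is safe for the fields used here.
    """
    fields = None
    for line in log_text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#") or fields is None:
            continue  # other directives, or data before any header
        parts = line.split()
        if len(parts) != len(fields):
            continue  # malformed line; skip rather than misalign columns
        yield dict(zip(fields, parts))


def classify(record):
    """Return the list of tags whose predicate matches this request."""
    return [tag for tag, pred in RULES if pred(record)]


def scan(log_text):
    """Return one hit dict per (request, matching tag), in log order."""
    hits = []
    for rec in parse_w3c(log_text):
        for tag in classify(rec):
            hits.append({"time": rec["time"], "ip": rec["c-ip"], "tag": tag,
                         "method": rec["cs-method"], "uri": rec["cs-uri-stem"]})
    return hits


def per_source(log_text):
    """Map each client IP to the sorted set of tags it triggered.

    A source that fingerprints RDS and then posts to msadcs.dll is the
    sequence the exploit script in the post produces.
    """
    seen = defaultdict(set)
    for hit in scan(log_text):
        seen[hit["ip"]].add(hit["tag"])
    return {ip: sorted(tags) for ip, tags in seen.items()}


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f'{hit["time"]} {hit["ip"]:<10} {hit["tag"]:<18} {hit["method"]} {hit["uri"]}')
    print(per_source(SAMPLE_LOG))
```

Run it as-is against the embedded sample, or feed it a real ex*.log file by reading the file into `scan`; lines whose column count does not match the `#Fields:` header are skipped rather than silently misparsed.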

