Vulnerability Development mailing list archives

Re: iishack/tesoiis.c - What's wrong ?


From: SysAdmin () SASSPRODUCTIONS COM (Seth Georgion)
Date: Mon, 3 Jan 2000 14:58:17 -0500


I have had the same problems but I haven't used the teso version. My only guess is that some servers have a firewall in
front of them set to deny outbound connections. From what I understand, and I defer to others, the exploit code forces
the server to make an outbound request for the file. I think, and I'm really not sure, that this is designed so that
the file can be anything you choose that you can serve. If this is the case, then we all would be eternally grateful if
someone could modify the source so that it sends a file in the same folder as iishack with an already specified name.
Thus the program could automatically send the file hack.exe and you could just place the file you want to send, renamed
to hack.exe, in the same folder. The other thing that I think might be going on is that the server is designed or the
router set up so that no traffic is allowed to port 99 or any port other than 80, thus no workey. Also, stupidly enough,
ncx is hacked to only honor the first connection with the terminal, so if you're using it on your site and getting
connection requests at the same time it will drop the terminal to another connection request, i.e. a home user with a
browser that won't see anything anyway. Someone should also change the version of ncx so it's passed with the argument
to stay active. I wish I could write the code but then isn't that what vuln-dev is for?

-----Original Message-----
From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM] On Behalf Of Ory Segal
Sent: Monday, January 03, 2000 5:12 AM
To: VULN-DEV () SECURITYFOCUS COM
Subject: iishack/tesoiis.c - What's wrong ?

Hello,

While trying to make both codes work, the first on NT+IIS
and the second from a Linux box, I get the same results:
the remote server crashes, but no code is sent and uploaded. Does anyone have a clue how I can fine-tune these codes?
Or maybe send me a perfectly working one, preferably for Linux?

                                        Thanks.

