Vulnerability Development mailing list archives

Re: iishack/tesoiis.c - What's wrong ?


From: benettor () VOLCANO GEO AUTH GR (The Underground Legendary Emperor)
Date: Wed, 5 Jan 2000 00:46:47 +0200


It has to do with the trojan. Sometimes a firewall doesn't allow the
connection. Try sending a lame trojan, i.e. netbus/BO server instead of
ncx.exe. Configure it on a high port such as 52000. You'll get the
answer. Crashing the remote server means vulnerability, and vulnerability
is bad :}

Ben

On Mon, 3 Jan 2000, Seth Georgion wrote:

I have had the same problems but I haven't used the teso version. My only guess is that some servers have a Firewall 
in front of them set to deny outbound connections. From what I understand, and I defer to others, the exploit code 
forces the server to make an outbound request for the file. I think, and I'm really not sure, that this is designed 
so that the file can be anything you choose that you can serve. If this is the case then we all would be eternally 
grateful if someone could modify the source so that it sends a file in the same folder as iishack with an already 
specified name. Thus the program could automatically send the file hack.exe and you could just place the file you 
want to send, renamed to hack.exe, in the same folder. The other thing that I think might be going on is that the 
server is designed or the router set up so that no traffic is allowed to port 99 or any port other than 80 thus no 
workey, also, stupidly enough, ncx is hacked to only honor the first connection with the terminal so if you're using 
it on your site and getting connection requests at the same time it will drop the terminal to another connection 
request, i.e. a home user with a browser that won't see anything anyway. Someone should also change the version of 
ncx so it's passed with the argument to stay active. I wish I could write the code but then isn't that what vuln-dev 
is for?

-----Original Message-----
From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM] On Behalf Of Ory Segal
Sent: Monday, January 03, 2000 5:12 AM
To: VULN-DEV () SECURITYFOCUS COM
Subject: iishack/tesoiis.c - What's wrong ?


Hello,

While trying to make both codes work, the first on NT+IIS
and the second from a Linux box, I get the same results:
the remote server crashes, but no code is sent and uploaded. Does anyone have a clue how I can fine-tune these 
codes? Or maybe send me a perfectly working one, preferably for Linux?

                                      Thanks.


