Vulnerability Development mailing list archives
Re: dos commands via iis 4 (TFTP)-NETBIOS
From: Paul Cardon <paul () MOQUIJO COM>
Date: Sat, 18 Nov 2000 14:21:47 -0500
booboo wrote:
> Final one on this I think. Since we have the Extended Unicode Vulnerability already why not just modify iishack1.5 to create nc.exe instead of eeyerulez.asp and then launch nc.exe directly there without having to perform a buffer overflow and crash the server.
>
> On Wed, 15 Nov 2000, MadHat wrote:
> > booboo wrote:
> > > Since you already have more or less root level access on the web server
> >
> > You have nothing like root level access, you have what would be equiv. to nobody access... very limited overall. You have access as IUSER_<MACHINE> which is a member of the GUEST group, but with certain exploits, you can get that user added to the local Administrators group. Then you have more or less root level access.

You seem to have completely missed the point even though MadHat explained it clearly. Your suggestion would result in nc.exe connected to a command shell as IUSER_<MACHINE> which has very little privilege. eeyerulez.asp performs a buffer overflow that results in SYSTEM level access to the server. The question you must ask is do you want to be a luser on the system or do you want to 0wn it?

-paul