Hi,

We have been receiving some eMails from people saying that the iishack.exe on our website is not working for them and is just crashing the remote server. Here is what we know and do not know etc.

We have tested it on the English version of NT4.0, with IIS4.0, Service Pack 4 and 5. We have had some people eMail us that they have this configuration and it is not working... This very well could be possible that the offset we are using is not working for some dll's and such... people might have a different version and what not. For this case we *might* release a second exploit that uses a better offset that should work on all nt4.0 iis4.0 sp4 and sp5 machines but honestly it is not that big of a deal to us. The hole is there, and is exploitable and other people have been writing exploits for it also.

We do know that our exploit probably does not work on sp3 because of the offset we use... we have gotten a few eMails about this and we never did test nor claim it worked on sp3 but we *might* in our second version of the exploit find an offset that works for sp3 also.

I honestly think this post is in some ways pointless but maybe it will help to cut back some of the eMails we are getting about the above information. Thank you to everyone who has been helping out.

Signed,
Marc
eEye Digital Security Team
http://www.eEye.com

P.S. Jump on over to technotronic.com for some good information and other exploits and such.