Re: Windows 2000 .printer remote overflow proof ofconcept exploit

From: Nobuo Miwa (n-miwaat_private)
Date: Wed May 02 2001 - 23:33:45 PDT

Next message: Todd Ransom: "Re: Permanently remove iis printer mapping"

Previous message: dark spyrit: "IIS 5 remote exploit."
In reply to: Matt Power: "Re: Windows 2000 .printer remote overflow proof of concept exploit"
Next in thread: David Litchfield: "Re: Windows 2000 .printer remote overflow proof of concept exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

>   http://www.eeye.com/html/research/Advisories/iishack2000.c

That didn't work against Japanese version.
I've tried and got followings ;

   352 of 'a' + 0x7801CB65(address of "call ebx")

It will work against non-SP and SP1.

Cheers,
<Nobuo Miwa> n-miwaat_private       ( @ @ ) http://www.lac.co.jp/security/
-------------------------------o00o--(. .)--o00o--------------------------

Next message: Todd Ransom: "Re: Permanently remove iis printer mapping"
Previous message: dark spyrit: "IIS 5 remote exploit."
In reply to: Matt Power: "Re: Windows 2000 .printer remote overflow proof of concept exploit"
Next in thread: David Litchfield: "Re: Windows 2000 .printer remote overflow proof of concept exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu May 03 2001 - 13:49:29 PDT