IIS 5.0 Privilege Escalation Exploit (Entercept Advisory)

From: H D Moore (hdmat_private)
Date: Tue Aug 21 2001 - 07:42:05 PDT

    Code:
    http://www.digitaloffense.net/iiscrack/
    
    This is the exploit for the Entercept advisory:
    http://www.entercept.com/news/uspr/08-15-01.asp
    
    The details:
    1. Create an ISAPI Extension DLL
    2. Have the DLL call RevertToSelf()
    3. Rename DLL to a "trusted" name (httpodbc.dll)
    4. Stick in the scripts directory and instant SYSTEM access.
    
    Look at the readme file in the zip (and the _extracted_ directory) for usage.
    
    -- 
    H D Moore
    http://www.digitaldefense.net - work
    http://www.digitaloffense.net -  play
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:
    https://alerts.securityfocus.com/
    



    This archive was generated by hypermail 2b30 : Tue Aug 21 2001 - 10:09:11 PDT
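
A defender-side check for the condition the post describes, a DLL in a web-executable directory that carries a "trusted" ISAPI name, added here as an example; it is not part of the original post or of the iiscrack archive. The function names, the directory arguments and the comparison against a vendor copy of the DLL are assumptions of this example.

```python
import hashlib
from pathlib import Path

# Only httpodbc.dll is named in the post; extend this set from your own
# server's list of trusted ISAPI DLLs (assumption: you maintain such a list).
TRUSTED_ISAPI_NAMES = {"httpodbc.dll"}

def sha256_of(path):
    """Hash a file in chunks so large DLLs are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def find_trusted_name_dlls(web_roots, reference_dir, trusted_names=TRUSTED_ISAPI_NAMES):
    """Flag files under web_roots whose name matches a trusted ISAPI DLL name.

    Returns sorted (path, verdict, sha256) tuples. verdict is 'hash-mismatch'
    (differs from the vendor copy in reference_dir), 'no-reference' (nothing
    to compare with) or 'copy-of-reference' (identical, but still misplaced).
    """
    names = {n.lower() for n in trusted_names}
    ref_dir = Path(reference_dir).resolve()
    ref_hashes = {}
    if ref_dir.is_dir():
        for p in ref_dir.iterdir():
            if p.is_file() and p.name.lower() in names:
                ref_hashes[p.name.lower()] = sha256_of(p)

    findings = []
    for root in web_roots:
        for p in Path(root).resolve().rglob("*"):
            # Windows file names are case-insensitive, so compare lowercased.
            if not p.is_file() or p.name.lower() not in names:
                continue
            if p.parent == ref_dir:
                continue  # the vendor copy itself is not a finding
            digest = sha256_of(p)
            expected = ref_hashes.get(p.name.lower())
            if expected is None:
                verdict = "no-reference"
            elif digest != expected:
                verdict = "hash-mismatch"
            else:
                verdict = "copy-of-reference"
            findings.append((str(p), verdict, digest))
    return sorted(findings)
```

Pass the web content roots (for example the scripts directory) as `web_roots` and the directory holding the vendor-installed DLL as `reference_dir`; a `hash-mismatch` result is the renamed-extension case from steps 3 and 4.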