IIS 5.0 Privilege Escalation Exploit (Entercept Advisory)

From: H D Moore (hdmat_private)
Date: Tue Aug 21 2001 - 07:42:05 PDT


    This is the exploit for the Entercept advisory:
    The details:
    1. Create an ISAPI Extension DLL
    2. Have the DLL call RevertToSelf()
    3. Rename DLL to a "trusted" name (httpodbc.dll)
    4. Stick it in the scripts directory and get instant SYSTEM access.
    Look at the readme file in the zip (and the _extracted_ directory) for usage.
    H D Moore
    http://www.digitaldefense.net - work
    http://www.digitaloffense.net -  play
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:

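A defensive check for the condition in steps 3 and 4, as an added example that is not part of the original post or its attached archive: it walks a web root and reports any file whose name matches a trusted ISAPI DLL name (httpodbc.dll, from the post) but which sits outside the directory where the genuine file belongs. The function names, the trusted-directory parameter and the sample directory tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Name taken from the post; extend with whatever your own server treats as trusted.
TRUSTED_NAMES = {"httpodbc.dll"}


def find_impostor_dlls(web_roots, trusted_dirs, trusted_names=TRUSTED_NAMES):
    """Return sorted paths of files whose basename matches a trusted DLL name
    but which are located outside every trusted directory."""
    names = {n.lower() for n in trusted_names}  # Windows file names are case-insensitive
    trusted = [os.path.normcase(os.path.realpath(d)) for d in trusted_dirs]
    hits = []
    for root in web_roots:
        for dirpath, _dirs, files in os.walk(root):
            here = os.path.normcase(os.path.realpath(dirpath))
            # Skip the genuine location (and anything beneath it).
            if any(here == t or here.startswith(t + os.sep) for t in trusted):
                continue
            for name in files:
                if name.lower() in names:
                    hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def demo():
    """Build a constructed sample tree and return the flagged relative paths."""
    with tempfile.TemporaryDirectory() as base:
        system_dir = os.path.join(base, "system32", "inetsrv")  # assumed genuine location
        scripts = os.path.join(base, "inetpub", "scripts")      # assumed web scripts directory
        for d in (system_dir, scripts):
            os.makedirs(d)
        for path in (
            os.path.join(system_dir, "httpodbc.dll"),  # genuine copy, must not be flagged
            os.path.join(scripts, "HTTPODBC.DLL"),      # renamed DLL, different case
            os.path.join(scripts, "other.dll"),         # unrelated extension
        ):
            open(path, "wb").close()
        hits = find_impostor_dlls([base], [system_dir])
        return [os.path.relpath(h, base) for h in hits]


if __name__ == "__main__":
    print(demo())
```

A hit means a name-based trust decision would treat that file as the system component, so it warrants checking who wrote it and when.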