H D Moore wrote:
> can anyone provide a Chinese to
> English translation for the readme?

A little rough, but this is basically what it says:

********************

IIS privilege escalation tool by isno

Includes the following:

idq.dll:  ISAPI program for privilege escalation
ispc.exe: client-side program for connecting

Brief explanation:

This software makes use of the IIS 5.0 + SP0 (SP1, SP2) privilege checking hole to obtain SYSTEM privilege; all you have to do is upload idq.dll to an executable directory of IIS, and you can obtain SYSTEM privilege.

How to use:

First use the UNICODE or double decoding hole to upload idq.dll to an executable directory, for example /scripts, and then use ispc.exe to connect:

    C:\>ispc 127.0.0.1/scripts/idq.dll
    Start to connect to the server...
    We Got It!
    Please Press Some <Return> to Enter Shell....

    Microsoft Windows 2000 [Version 5.00.2195]
    (C) All rights reserved 1985-1998 Microsoft Corp.

    C:\WINNT\system32>

The cmd.exe thus obtained has SYSTEM privileges.

N.B.:

1. After you've uploaded idq.dll to an IIS executable directory, it must be called one of the following:

    idq.dll
    httpext.dll
    httpodbc.dll
    ssinc.dll
    msw3prt.dll
    author.dll
    admin.dll
    shtml.dll
    sspifilt.dll
    compfilt.dll
    pwsdata.dll
    md5filt.dll
    fpexedll.dll

   If you use another name, then there's no way to obtain SYSTEM privilege.

2. After you've finished entering a command, you must hit carriage return three times, [next bit is dodgy] to get a prompt back.

3. SP3 is not affected by this hole.

********************

Cheers
Dominic

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
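Added defender-side example (not part of Dominic's post or of isno's tool): the readme says the planted DLL only works when it carries one of the thirteen listed filenames and sits in a web-exposed executable directory such as /scripts. Those two facts give an administrator two concrete checks, which the Python script below implements: a filesystem check that flags any file with one of those names under an IIS executable directory, and a scan of IIS W3C extended log lines for requests to one of those names under such a directory. The directory names, the log format assumptions (a #Fields directive followed by space-separated records) and all sample files and log lines are constructed for illustration.

```python
"""Defender-side checks derived from the translated readme above.

Check 1: files on disk whose basename is one of the ISAPI DLL names the readme
says a planted DLL must use, located under a web-exposed executable directory.
Check 2: IIS W3C extended log entries requesting one of those names under such
a directory. Paths, prefixes and sample data are constructed assumptions.
"""
import ntpath
from typing import Iterable, List, Sequence, Tuple

# The filenames listed in the post ("it must be called one of the following").
IN_PROCESS_ISAPI_NAMES = frozenset({
    "idq.dll", "httpext.dll", "httpodbc.dll", "ssinc.dll", "msw3prt.dll",
    "author.dll", "admin.dll", "shtml.dll", "sspifilt.dll", "compfilt.dll",
    "pwsdata.dll", "md5filt.dll", "fpexedll.dll",
})


def _norm(path: str) -> str:
    # Windows paths are case-insensitive; normalise separators and case once.
    return ntpath.normpath(path).lower()


def find_planted_isapi(file_paths: Iterable[str], script_dirs: Sequence[str]) -> List[str]:
    """Return paths whose basename is on the list and which lie under a script dir.

    file_paths: Windows-style paths, e.g. collected with os.walk over the web root.
    script_dirs: directories IIS maps with Execute permission (assumed: Inetpub\\scripts).
    A copy of one of these DLLs in its normal system location is not reported.
    """
    roots = [_norm(d).rstrip("\\") + "\\" for d in script_dirs]
    hits = []
    for path in file_paths:
        n = _norm(path)
        if ntpath.basename(n) in IN_PROCESS_ISAPI_NAMES and any(n.startswith(r) for r in roots):
            hits.append(path)
    return hits


def parse_w3c_log(lines: Iterable[str]):
    """Yield one dict per record, using the most recent #Fields directive as keys."""
    fields = None
    for line in lines:
        line = line.rstrip("\r\n")
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue  # malformed record: skip rather than guess at columns
        yield dict(zip(fields, parts))


def find_isapi_requests(lines: Iterable[str],
                        script_prefixes: Sequence[str] = ("/scripts/",)) -> List[Tuple[str, str, str]]:
    """Return (client ip, uri-stem, status) for requests naming a listed DLL under a script prefix."""
    hits = []
    for rec in parse_w3c_log(lines):
        stem = rec.get("cs-uri-stem", "").lower()
        name = stem.rsplit("/", 1)[-1]
        if name in IN_PROCESS_ISAPI_NAMES and any(stem.startswith(p) for p in script_prefixes):
            hits.append((rec.get("c-ip", "-"), rec["cs-uri-stem"], rec.get("sc-status", "-")))
    return hits


# Constructed sample data (not real systems or logs).
SAMPLE_FILES = [
    r"C:\Inetpub\scripts\idq.dll",          # planted copy in an executable directory
    r"C:\Inetpub\wwwroot\default.htm",
    r"C:\WINNT\system32\idq.dll",           # normal system copy, not reported
    r"C:\Inetpub\scripts\HTTPODBC.DLL",     # case differs, still matched
]
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2001-09-12 10:11:24 10.0.0.5 GET /scripts/idq.dll 200
2001-09-12 10:11:25 10.0.0.5 GET /default.htm 200
2001-09-12 10:11:26 10.0.0.7 GET /scripts/httpodbc.dll 500
""".splitlines()

if __name__ == "__main__":
    for p in find_planted_isapi(SAMPLE_FILES, [r"C:\Inetpub\scripts"]):
        print("planted ISAPI candidate:", p)
    for ip, stem, status in find_isapi_requests(SAMPLE_LOG):
        print(f"request from {ip} for {stem} -> status {status}")
```

Both checks are deliberately name-based because that is the condition the readme itself imposes; an environment that serves ISAPI extensions from other mapped directories should add those directories to script_dirs and script_prefixes.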
This archive was generated by hypermail 2b30 : Wed Sep 12 2001 - 10:11:24 PDT