Re: Question Regarding new IIS escaped char exp.

From: H D Moore (hdmat_private)
Date: Mon May 21 2001 - 03:11:31 PDT

    On Thursday 17 May 2001 01:03 pm, w1re p4ir wrote:
    > Ello all,
    > If an IIS machine is patched against the Unicode Attack that was released
    > many months ago... Does this exploit work? I haven't really been able to
    > test it on a machine that ISN'T nt4.0 sp6/a. Anyone have any ideas? -wire
    
    Yes it would work.  The new one also affects IIS 3.0, which was previously 
    unexploitable (?) after the sample files had been removed.  I updated the 
    unicoder.pl tool to use the new decode sequences and added an interactive 
    mode per request (command shell).  A few new directories were added, which 
    should make exploiting IIS 5.0 and OWA machines easier. You can grab the 
    latest copy from:
    
    http://www.digitaloffense.net/csw/unicoder.pl
    
    -HD
    



    This archive was generated by hypermail 2b30 : Mon May 21 2001 - 09:43:53 PDT