New Tool - "SMTP Rootkit" for IIS 5/6 & EX2000/2003
SCInfo_at_SMTPCommander.com
Date: 08/27/05
- Previous message: Pete Herzog: "Re: Scan virtual hosts"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 27 Aug 2005 16:50:27 -0000 To: pen-test@securityfocus.com('binary' encoding is not supported, stored as-is) I'd like to annouce a new tool that could be useful in pen testing, or for administration use for a server running SMTP via IIS 5.0, 6.0, including Exchange 2000/2003 and SBS 2000/2003.
The tool won't help you get on a box, but once you are in installing it will help you stay on it or issue commands through SMTP email as the carrier.
Free! Donations accepted.
Beta version ready to download.
Basic overview:
* runs with "system" privilages
* input is normal email, results returned to send via email
* single dll, must have admin rights to install and register
* no service, no task will show (runs under IIS)
* only known ways to detect it is find the actual DLL, or use script to examine events for SMTP
* passes email thru unless trigger in subject given
* allows shell commands as system acct
* get/put files from/to server
* reg read/write commands
Example uses tested so far:
* put pwdump2 on server, execute, return sam file
* dump registry to file and return
* explore drives using directory
I'm interested in any feedback, post a reply or email me at SCInfo@SMTPCommander.com
- Previous message: Pete Herzog: "Re: Scan virtual hosts"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
