Mubix has also made a quick nmap script to search out this vulnerability.
More info on that here
Microsoft IIS FTP 5.0 Remote SYSTEM Exploit
A remote Microsoft FTP server exploit was released today by Kingcope, and can be found at http://milw0rm.com/exploits/9541, A quick examination of the exploit showed some fancy manipulations in a highly restrictive environment that lead to a”useradd” type payload. The main issue was the relatively small payload size allowed by the SITE command, which was limited [...]
More...
Mubix has also made a quick nmap script to search out this vulnerability.
More info on that here
Doesnt work under w2003 server patched.
That's why is called an IIS 5.0 exploit!Originally Posted by voodooo
"\x74\x68\x65\x70\x72\x65\x7a\x39\x38";
for german windows 2k prof you can use the following JMP ESP:
Code:$retaddr = "\x7B\x30\xE3\x77"; # JMP ESP german win2k platforms (fully patched)
More details including screenshot can be found here: http://www.s3cur1ty.de/iis-ftp-exploit-german-win2k
m-1-k-3
Replication Problem
Hello everyone
After a while I'm back... waiting eagerly for the final release of BT4...
I've tried to replicate this in a win2k Server SP0 box, in a VMware environment with no luck… could it be that the return address for JMP ESP is different in server version??? Or could it be related to the VMware environment? Any thoughts??
Thanks.
The JMP ESP is different in the different Service Packs and also in the different languages.Hello everyone
I've tried to replicate this in a win2k Server SP0 box, in a VMware environment with no luck… could it be that the return address for JMP ESP is different in server version??? Or could it be related to the VMware environment? Any thoughts??
m-1-k-3
Posting Permissions
