
Thread: Microsoft IIS FTP 5.0 Remote SYSTEM Exploit


  1. #1
    Developer muts
    Join Date
    Jan 2006
    Posts
    272

    Microsoft IIS FTP 5.0 Remote SYSTEM Exploit



    A remote Microsoft FTP server exploit was released today by Kingcope, and can be found at http://milw0rm.com/exploits/9541. A quick examination of the exploit showed some fancy manipulations in a highly restrictive environment that lead to a "useradd" type payload. The main issue was the relatively small payload size allowed by the SITE command, which was limited [...]


  2. #2
    Developer
    Join Date
    Mar 2007
    Posts
    6,126


    Mubix has also made a quick nmap script to search out this vulnerability.

    More info on that here

  3. #3
    Just burned his ISO
    Join Date
    Aug 2009
    Posts
    7


    Doesn't work under w2003 server patched.

  4. #4
    Moderator theprez98
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533


    Originally Posted by voodooo:
    "Doesn't work under w2003 server patched."

    That's why it's called an IIS 5.0 exploit!
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  5. #5
    Moderator
    Join Date
    Jan 2010
    Posts
    167


    For German Windows 2k Prof you can use the following JMP ESP:

    Code:
    $retaddr = "\x7B\x30\xE3\x77"; # JMP ESP german win2k platforms (fully patched)

    More details including screenshot can be found here: http://www.s3cur1ty.de/iis-ftp-exploit-german-win2k

    m-1-k-3

  6. #6
    Junior Member Armagedeon
    Join Date
    Feb 2008
    Posts
    86

    Replication Problem

    Hello everyone

    After a while I'm back... waiting eagerly for the final release of BT4...
    I've tried to replicate this on a win2k Server SP0 box, in a VMware environment, with no luck… Could it be that the return address for JMP ESP is different in the server version??? Or could it be related to the VMware environment? Any thoughts??

    Thanks.
