| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <5.2.0.9.2.20030213125021.011e8960@belegost.cimternet.com>
From: llevier at argosnet.com (Laurent LEVIER)
Subject: Unusual request
> I am looking for an exploit that will give you "root" on an unpatched
IIS box by simply typing a string in the address line in your browser.
Paul,
I understand 2 possibilities:
#1 - You wish to exploit an already existing vulnerability of IIS. Then
some of:
- IIS .HTR (MS bulletin MS02-028)
- ISAPI
(http://www.microsoft.com/technet/security/bulletin/ms02-018.asp)
- IIS BoF
(http://www.microsoft.com/technet/security/bulletin/ms99-019.asp)
- Frontpage (http://www.nsfocus.com/english/homepage/sa01-03.htm)
- ISAPI II
(http://www.microsoft.com/technet/security/bulletin/ms01-044.asp)
might be used. Some of them can be done with a simple URL as the infamous
Nimda/CodeRed did some months ago.
#2 - you are talking about a programming error coming from a
cgi/asp/php/... page leading to a "root compromise".
In that case, it is different, you have hundreds of softwares with such
errors and that's yours to decide which one will have your preference.
Notice in both cases the compromise is not necesseraly "root" but only
"http daemon user privileges" compromise.
In most of Windows boxes, it means System (which is definitely powerfull
enough to do many bad things).
Brgrds
Laurent LEVIER
IT Systems & Networks Security Expert
Powered by blists - more mailing lists