
=k3Rn=
hey,

if i find vul hosts for IIS-Vuln with x-scan 2.3, how can i exploit em then?
i tried to search for more info - but haven't found what i needed.
i hope someone gives me a hint.

thx in advance
greets
k3Rn
vnet576
Hmm...the iis vulnerability that xscan searches for is unicode. Damn that's old...so google for iis unicode. This exploit is so old that I remember seeing a ton of tutorials and texts about it. Heh...even astalavista has tutorials on unicode.
z0mbi3
you could try out

FreeIIS
fxscanner - it's in the forum somewhere

as a replacement to it
andydis
this normally works:

http://<address>/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\

that is for english servers 2k pre sp3 and nt sp6,

there are loads of replacements for the ..%c0%af.. for all kinds of stuff but this is the most common.


if you find a server vulnerable to that you might as well try "my liccle proggie exploit" in the windows section, it'll give you a cmd shell rather than this way just gives you DOS (that's disk operating system not denial of service), in the internet explorer and sometimes returns strange errors.

regards,

DIZ
UK
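A defender-side view of the request quoted in the post above, as an added example that is not part of the thread: `%c0%af` is an overlong two-byte UTF-8 encoding of `/`, so a log scanner can flag any request path containing an overlong sequence and show which ASCII character it hides. The log field layout, the sample lines and the function names are assumptions made for this example; it also covers the three-byte overlong form, which goes beyond the single sequence quoted in the thread.

```python
from urllib.parse import unquote_to_bytes

# Constructed log lines (assumed layout: date time c-ip method uri-stem uri-query status).
SAMPLE_LOG = [
    "2003-01-10 12:00:01 192.0.2.10 GET /scripts/..%c0%af../winnt/system32/cmd.exe /c+dir+c:\\ 200",
    "2003-01-10 12:00:03 192.0.2.10 GET /scripts/..%c0%af../winnt/system32/cmd.exe /c+dir+c:\\ 404",
    "2003-01-10 12:00:05 192.0.2.11 GET /index.html - 200",
    "2003-01-10 12:00:09 192.0.2.12 GET /docs/caf%c3%a9.html - 200",
]


def overlong_sequences(raw):
    """Return (offset, hidden_char) for each overlong UTF-8 sequence in raw bytes."""
    hits, i = [], 0
    while i < len(raw):
        b = raw[i:i + 3]
        if len(b) >= 2 and b[0] in (0xC0, 0xC1) and 0x80 <= b[1] <= 0xBF:
            # Two-byte form of a code point below 0x80: never valid UTF-8.
            hits.append((i, chr(((b[0] & 0x1F) << 6) | (b[1] & 0x3F))))
            i += 2
        elif (len(b) == 3 and b[0] == 0xE0
              and 0x80 <= b[1] <= 0x9F and 0x80 <= b[2] <= 0xBF):
            # Three-byte form of a code point below 0x800: also invalid.
            hits.append((i, chr(((b[1] & 0x3F) << 6) | (b[2] & 0x3F))))
            i += 3
        else:
            i += 1
    return hits


def scan(lines):
    """Flag log lines whose URI stem contains an overlong UTF-8 sequence."""
    findings = []
    for line in lines:
        fields = line.split()
        if len(fields) != 7:
            continue  # not in the assumed layout
        _, _, ip, _, stem, _, status = fields
        hidden = overlong_sequences(unquote_to_bytes(stem))
        if hidden:
            findings.append({"ip": ip, "stem": stem, "served": status == "200",
                             "hidden": "".join(ch for _, ch in hidden)})
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with `served` set means the server resolved the path and the host needs patching and incident review; the correctly encoded `caf%c3%a9` path is not flagged.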
0xc0000005
iis and unicodes and this shit is old, so you can access the cmd.exe through some hexcode (plaintext \...\winnt/system32\cmd.exe or so *g*) so if u exec the command cmd.exe?/c+dir+c:\ via http (ie) and you get the dir listing of c:\ try to exec the echo command and write your ftp script, if echo isn't allowed try tftp, if it's not allowed try rpc.exe .... if the server runs a firewall you need to fu** this fw or