hiho!

does anybody know something bout a new (maybe bit older) frontpage vuln?
if yes, does anybody has an exploit for this vuln?

scans look like that "Frontpage enable"

thx

black

do you mean http://www.k-otik.com/exploits/11.13.fp30reg.c.php ?
cgi-scanner: /_vti_bin/_vti_aut/fp30reg.dll

nize!
big thx..but..
does anyone has a compiled version?


black

hxxp://www.securitylab.ru/_exploits/fp30reg.exe

u don't get admin wrights and when it trys to drop shell freezes with both versions of this exploit

No request allowed.

well u DO get admin rights only on pefici dirs dude

try c:\
or c:\inetpub worked for me so

normaly u only get write and execute rights in c:\ or c:\inetpub\
but not in the system-root (e.g. c:\winnt\)

so you don't have "real" admin-rights

thx for the prog + x-ploit!

black

Hi,

Does anyone know which scanner i have to user to scan 4 this exploit?

thx

*klick*

sorry, but i have already written it in my posting

simply add "/_vti_bin/_vti_aut/fp30reg.dll" to your cgi-scanner-list and start scannin'


black

there's a Sfind for it that does it remotly when i am home from school il put it into downloads topic

cya mates

sry bt i really dunno how 2 scan 4 it ...
i don't find a cgi scanner where i add custom scans ..

Can i scan with xscan?
do i have to add it to "cgi.lst"?
Which item do i have to check to scan for it?
Can I remove all the other items, because i just want to scan 4 Frontpage?

Thx

You just need 2 scan for IIS... just use (e.g. dsns or your favourite scanner) and scan 4 port 80 with get banner function on.. if you're ready you gotta export results like ping $i or so,,,

but well, let me tell you that i had the experience that only every 1000th ip is vuln. suXX ass - bad results!

only the Windows 2000 Professional SP3 English version (fp30reg.dll ver 4.0.2.5526) is affected ?

I try many servers on Win2000 and no one work :/ Have anyone another offset?

yes, only sp 3

yes for Sp3 ...

hm..fuckin' bad results

does somebody has a scan-checking tool?? or can code on


black

Yeah thanks for the exploit and scan context.

guys, the exploit doesnt works. sometimes it says: Dropping to Shell
But then it hangs ups...

one time it worked..aftr trying bout 50scans (manual)

so i search (again and again) a scan-checker

hmm - scanchecker? just user a simple .bat file ! But as I said before.. too few servers are vuln (ony sp3).

if shell freezes you might have connected 2 another app running on that port.. had several mistakes - even .html code returned.. maybe patched?!

i've already thought bout a batch file..
but don't know how to go on!

my problems:
- to give the batch file the ips
- to go on checkin' when a host doesn't answer
- to log vuln servers in a file..

big thx!

worked out quit well


black

ty