ok did anyone see a media exploit patch that will secure it remotely , cause with tftp and ftp renaming they can still connect , its the exploit thats implemmented to scan1000 or scan500

DId you mean to say with TFTP and FTP remaining, or renaming?

And how does the media exploit have anything to do with TFTP and FTP? I suppose you could use them to get a file over to backdoor a machine or something, but patching the Media exploit isn't going to solve that problem.

Clarification please...

yes well its going to patched the system if there is a media patch then , my bad tftp and ftp is nothing to do with it thats only for file transfer

i think the best way to secure the media hole is the followng:


1. rename c:\inetpub\scripts\nsiislog.dll.
2. copy a patched version of the nsiislog.dll into the folder.
3. kill dllhost.exe with a backdoor (i recommend shadow remote...) because port 34816 is still open even if u have already renamed the nsiislog.dll...
3. copy cmd.exe in c:\inetpub\scripts and rename it. then u can usually accesss the server like u do it with an iis bug http://ip/scripts/renamed_cmd.exe?/c+dir

then the server is perfectly secure

greetz

do you kno where i can get the patched nsiislog.dll from ?

hehe i like to know as well, i allready tryed google but no results

you can protect using nsiislog.dll or getad.exe

getad -> stops telnet and net server so can't do anything (can't upload or rehack) prtoected

Could you please tell me how to use it, i have find some info about it, but it's not gonna help me that much

Do you upload it true telnet and my main question is you say that no one can upload true telnet, but when you use this can you still acces the pc true the exploit 2 exec files ?


Greetz rvd