extreme
Feb 26 2004, 05:59 AM
I have a unicode hacked server, but I don't know how to secure it. And searching the net might take valuable time.. Anyone know?
TedOb1
Feb 26 2004, 07:05 AM
install your favorite back door then transfer the patch ms00-078 over. this can be run from the shell in quiet non-interactive mode and set not to re-boot but of course it's not in effect until it does. ms00-078 /? will show you the switches you need to use. but unless it's behind a firewall it's going to take all the service packs and patches ever made to keep others from owning it. if it's not being used as a web server but has it on by default you can always remove iis as a service then net stop or pskill it
andydis
Feb 26 2004, 09:38 AM
delete the c:\inetpub\scripts directory?
chances are it has code red and all sorts too so might be a bit slow, depends what you are going to use it for?
could block port 80 (if it's default website)
check %windir%\system32\logfiles\w3svc*\*.log for behaviour too and to handily delete your logged sessions and maybe find other servers that are sending
that long data that code red does; for other vulnerable servers you might want to go and look at :-)
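The log check mentioned in the post above, as an added example that is not part of the original thread: a small scanner for IIS W3C extended logs that flags overlong-UTF-8 ("Unicode") traversal requests and Code Red style `.ida` requests, and reports which traversal requests the server answered with status 200. The sample log lines, IP addresses and `PLACEHOLDER.exe` path are constructed, and the scanner assumes the log records the URL in its raw, still-encoded form.

```python
import re
from collections import Counter

# Lead bytes C0/C1 never occur in valid UTF-8. In a URL they mark an overlong
# encoding (e.g. %c0%af for "/"), the trick behind the IIS "Unicode" traversal.
OVERLONG = re.compile(r"%c[01]%[0-9a-f]{2}", re.IGNORECASE)

def classify(stem, query):
    """Return a label for a suspicious request, or None."""
    stem = stem.lower()
    if OVERLONG.search(stem):
        return "unicode-traversal"
    # Code Red sent a very long query string to the .ida index-server mapping.
    if stem.endswith(".ida") and len(query) > 100:
        return "code-red-style"
    return None

def scan(lines):
    """Parse W3C extended log lines; return (label, client IP, status) hits."""
    fields, hits = [], []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column order is set per log file
            continue
        values = line.split()
        if not fields or line.startswith("#") or len(values) != len(fields):
            continue
        rec = dict(zip(fields, values))
        label = classify(rec.get("cs-uri-stem", ""), rec.get("cs-uri-query", ""))
        if label:
            hits.append((label, rec.get("c-ip"), rec.get("sc-status")))
    return hits

def served_traversals(hits):
    """Traversal requests answered with 200: the server acted on them."""
    return [h for h in hits if h[0] == "unicode-traversal" and h[2] == "200"]

# Constructed sample log (documentation IP ranges, placeholder target path).
SAMPLE = [
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2004-02-26 05:10:01 192.0.2.10 GET /default.htm - 200",
    "2004-02-26 05:11:40 198.51.100.7 GET /scripts/..%c0%af../PLACEHOLDER.exe - 200",
    "2004-02-26 05:12:02 198.51.100.7 GET /scripts/..%c1%9c../PLACEHOLDER.exe - 404",
    "2004-02-26 05:20:15 203.0.113.9 GET /default.ida " + "N" * 224 + " 200",
]

if __name__ == "__main__":
    hits = scan(SAMPLE)
    print(Counter(h[0] for h in hits), served_traversals(hits))
```

A traversal request that came back 200 on an unpatched server is the line to treat as a likely compromise; a 404 or 403 on the same pattern is only a probe.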
extreme
Feb 26 2004, 03:56 PM
I think silent patch will solve it, and maybe Aphex firewall..
Anyway, you gave me an idea.. If server is vulnerable to Unicode, then it is vulnerable to every other High Risk vuln.
I haven't been in scene that long, and can only think of RPC that is sure fire exploit.. Can you tell me some more?
metrox
Mar 4 2004, 06:13 PM
patch it silently with a microsoft patch, if you don't know how to install silently, cmdshell
"patch.exe /?"
torcuato
Mar 4 2004, 07:31 PM
well... to install the part silently I use "patch.exe -q -m"
technoboy
Mar 4 2004, 07:55 PM
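and don't forget to do this when you are finished cleaning the mess in /scripts /msadc and other exploitable dirs
| CODE |
rem /E edits the existing ACL; without it cacls replaces the whole ACL with this single deny entry
cacls.exe %COMSPEC% /E /D IUSR_%COMPUTERNAME%
|
CACLS USAGE: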
| QUOTE |
Displays or modifies access control lists (ACLs) of files

CACLS filename [/T] [/E] [/C] [/G user:perm] [/R user [...]]
               [/P user:perm [...]] [/D user [...]]
   filename      Displays ACLs.
   /T            Changes ACLs of specified files in
                 the current directory and all subdirectories.
   /E            Edit ACL instead of replacing it.
   /C            Continue on access denied errors.
   /G user:perm  Grant specified user access rights.
                 Perm can be: R  Read
                              W  Write
                              C  Change (write)
                              F  Full control
   /R user       Revoke specified user's access rights (only valid with /E).
   /P user:perm  Replace specified user's access rights.
                 Perm can be: N  None
                              R  Read
                              W  Write
                              C  Change (write)
                              F  Full control
   /D user       Deny specified user access.
Wildcards can be used to specify more that one file in a command.
You can specify more than one user in a command.

Abbreviations:
   CI - Container Inherit.
        The ACE will be inherited by directories.
   OI - Object Inherit.
        The ACE will be inherited by files.
   IO - Inherit Only.
        The ACE does not apply to the current file/directory.
|
this file is part of any 2k/xp/2003 installation.