
dr0zaxx
I have attached the compiled code for the Microsoft IIS SSL Remote Denial of Service Exploit (MS04-011)

Use it wisely, not blindly


Compiled on an OpenBSD machine~
Brady
thanks for the compilation man...14 d/ls and no thanks given yet..tsk tsk...
eddy
thanks man nice work
buzzons
27 now :S

thanks a lot , not needed cos i just compiled on my box as well.. but thanks for the effort

buz
Erra
Not for me, but thanks for posting, I have no use for DOS's
BLaCkOuT
thanks a lot
xdccpt
Thanks a lot m8


gonna check it
tazthedev
thx
tweakz20
error on run...
title- 16 bit MS-DOS Subsystem
C:\DOCUME~1\ADMINI~1.000\DESKTOP\05152004.exe
The NTVDM CPU has encountered an illegal instruction.
CS:0000 IP:0077 OP:f0 37 05 0e 02 Choose 'Close' to terminate the application

(my cpu is AMD XP 2600+.. dunno what NTVDM is supposed to stand for...?)
point- i got an error on run... it said it was an illegal instruction so i'm guessing it's not only me...?
MxMx
hope a shellcode will be added soon
Killaloop
QUOTE (tweakz20 @ Apr 15 2004, 02:19 AM)
error on run...
title- 16 bit MS-DOS Subsystem
C:\DOCUME~1\ADMINI~1.000\DESKTOP\05152004.exe
The NTVDM CPU has encountered an illegal instruction.
CS:0000 IP:0077 OP:f0 37 05 0e 02 Choose 'Close' to terminate the application

(my cpu is AMD XP 2600+.. dunno what NTVDM is supposed to stand for...?)
point- i got an error on run... it said it was an illegal instruction so i'm guessing it's not only me...?

ntvdm is Windows 16-bit Virtual Machine used to execute a 16-bit process on a 32-bit platform.
however can't get this one to run

MxMx
You won't see a working exploit with shellcode for this because there is no universal address... on every exploitation you jump somewhere else.
impossible for a remote exploit with shellcode.
langzi
thanks !!!
BuzzDee
CODE
You won't see a working exploit with shellcode for this because there is no universal address... on every exploitation you jump somewhere else.
impossible for a remote exploit with shellcode.


how did u find out that? i mean why does it jump somewhere else on every exploitation? u overflow the buffer and overwrite the return address with ur own (where the shellcode starts). so it jumps to the address u want to and not to somewhere else on every exploitation. or did i get anything wrong? if yes - sry - im still learning all this

greetz,
buzz
Killaloop
QUOTE (BuzzDee @ Apr 15 2004, 09:42 AM)
CODE
You won't see a working exploit with shellcode for this because there is no universal address... on every exploitation you jump somewhere else.
impossible for a remote exploit with shellcode.


how did u find out that? i mean why does it jump somewhere else on every exploitation? u overflow the buffer and overwrite the return address with ur own (where the shellcode starts). so it jumps to the address u want to and not to somewhere else on every exploitation. or did i get anything wrong? if yes - sry - im still learning all this

greetz,
buzz

it depends on how big the address space is. but forget it I mixed it up with another 0day vulnerability (too many lately).
you cannot include a shellcode for this vulnerability because it allows no code execution or something its just good old DoS which stops the SSL service to respond to requests.

this one is what we have to wait for

Windows Local Security Authority Service Remote Buffer Overflow
