Risk of sounding like a newbie but I gotta ask


Euclid
February 14th, 2002, 07:17 AM
I know I am going to get major flamed for this, but oh well.

Like I said in another post, I will be the first to admit that I don't know as much as I would like to know, but I am trying, from reading tutorials and websites to going to places like this. But luckily my work has signed up for Mindleaders, so I am getting free training now for free with many topics like IIS 4, TCP/IP, LAN, C++, Visual Basic 4-6, Unix, and A+ certification.

So I hope that this will help speed up the learning process.

Anyways on to my point

What I was wondering is in the post that someone found a server with a bunch of exploits on it and that it runs arbitrary code you can gain access

Ok this was the code:
GET /_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe

What I want to know is what /..%c0%af../ means... I have a little HTML knowledge, so I know (or at least am assuming) that the % = space; as for the C0 and AF, I don't know.

Also, if you have anywhere I can go to learn the Microsoft exploits for IIS servers, that would be appreciated.

I have been looking but all I can find are reports about them; what I want to know is how they are done... Don't get me wrong though, I am not just some script kiddie who is going to go exploiting every IIS server that I can. I just want to know the logic behind it, what it does and how it works and how to do it.

Thanks

{P²P}Apocalypse
February 14th, 2002, 07:26 AM
So not to get into any long drawn out detailed tut on how to hack an IIS server. I'll give you the best way to figure one out. Learn the ins and outs for yourself. In other words, attempt breaking into your own stuff. Set it up one way and see if you can exploit it or oWn it. Do it internally or externally with appropriate permissions so you don't get tagged a "terrorist" by your own company. I have had many people tell me before. Do this or that. However, I never learned until I did it hands on, attempting to gain access to my own network. Become the network, be the network. Books and advice come easy. First hand you can grow on. Give it a try. What do you have to lose?

A hint. IIS Security sucks......... :D

Tedob1
February 14th, 2002, 07:42 AM
/..%c0%af../ = /../

/../ is ASCII, which the computer interprets to mean go up a directory

/..%c0%af../ is Unicode, which also says go up a directory

This is an IIS 4/5 exploit. It seems that the IIS server, which is capable of handling Unicode, carries out Unicode instructions before it submits them to security checks, so on an unpatched server it's possible to go beyond the normal restriction and access files above the web root.

For more NT type stuff I'd try packetstorm-security.
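An added example, not part of the original thread: a defender-side check showing why a `..` filter applied before decoding misses the path quoted above, and how a strict UTF-8 decode or an explicit overlong-sequence check catches it. The function names are assumptions made for this example, and it covers only two-byte overlong forms (lead bytes 0xC0/0xC1), which is the case in the thread.

```python
import re
from urllib.parse import unquote_to_bytes

def lenient_decode(raw: bytes):
    """Decode bytes the way a parser that skips the UTF-8 shortest-form
    check would. Returns (text, hits); hits lists each overlong sequence."""
    out, hits, i = [], [], 0
    while i < len(raw):
        b = raw[i]
        nxt = raw[i + 1] if i + 1 < len(raw) else 0
        # Lead bytes 0xC0/0xC1 can only encode code points below 0x80,
        # which already fit in one byte, so the pair is always overlong.
        if b in (0xC0, 0xC1) and nxt & 0xC0 == 0x80:
            ch = chr(((b & 0x1F) << 6) | (nxt & 0x3F))
            hits.append((raw[i:i + 2].hex(), ch))
            out.append(ch)
            i += 2
        else:
            out.append(chr(b))  # other bytes passed through one-to-one
            i += 1
    return "".join(out), hits

def strict_utf8_ok(raw: bytes) -> bool:
    try:
        raw.decode("utf-8")  # conforming decoders reject overlong forms
        return True
    except UnicodeDecodeError:
        return False

def has_dotdot(s: str) -> bool:
    return ".." in re.split(r"[/\\]", s)

def inspect_path(path: str) -> dict:
    raw = unquote_to_bytes(path)  # resolve %XX escapes to raw bytes
    text, hits = lenient_decode(raw)
    return {
        "overlong": hits,
        "strict_utf8_ok": strict_utf8_ok(raw),
        "dotdot_before_decode": has_dotdot(path),
        "dotdot_after_decode": has_dotdot(text),
        "reject": bool(hits) or has_dotdot(text),
    }

# The request path quoted in the thread, used here as detection input.
THREAD_PATH = "/_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe"
if __name__ == "__main__":
    print(inspect_path(THREAD_PATH))
```

The bytes C0 AF decode to `/` only when the shortest-form rule is ignored, so the safe order is decode strictly first, then canonicalise and check the path.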

siouxchief
February 25th, 2002, 01:34 AM
Greetings from Ireland, Euclid.
This should explain everything I think you wanted to know.


http://www.interphaze.org/bits/britneysnthackguide.html