Risk of sounding like a newbie but I gotta ask

  1. #1
    Senior Member
    Join Date
    Dec 2001
    Posts
    304

    Risk of sounding like a newbie but I gotta ask

    I know I am going to get major flamed for this but oh well

    Like I said in another post, I will be the first to admit that I don't know as much as I would like to know, but I am trying, from reading tutorials and websites to going to places like this. But luckily my work has signed up for Mindleaders, so I am getting free training now for free with many topics like IIS 4, TCP/IP, LAN, C++, Visual Basic 4-6, Unix, and A+ certification

    So I hope that this will help speed up the learning process

    Anyways on to my point

    What I was wondering about is the post where someone found a server with a bunch of exploits on it, and that if it runs arbitrary code you can gain access

    Ok this was the code:
    GET /_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe

    What I want to know is what /..%c0%af../ means..... I have a little HTML knowledge so I know (or at least am assuming) that the % = space; as for the C0 and AF I don't know

    Also, if you have anywhere where I can go to learn the Microsoft exploits for IIS servers, that would be appreciated

    I have been looking but all I can find are reports about them; what I want to know is how they are done.... Don't get me wrong though, I am not just some script kiddie who is going to go exploiting every IIS server that I can, I just want to know the logic behind it, what it does and how it works and how to do it

    Thanks
    Violence breeds violence
    we need a world court
    not a republican with his hands covered in oil and military hardware lecturing us on world security!

  2. #2
    Senior Member
    Join Date
    Jan 2002
    Posts
    883

    So not to get into any long drawn out detailed tut on how to hack an IIS server, I'll give you the best way to figure one out. Learn the ins and outs for yourself. In other words, attempt breaking into your own stuff. Set it up one way and see if you can exploit it or oWn it. Do it internally or externally with appropriate permissions so you don't get tagged a "terrorist" by your own company. I have had many people tell me before, do this or that. However, I never learned until I did it hands on, attempting to gain access to my own network. Become the network, be the network. Books and advice come easy. First hand you can grow on. Give it a try. What do you have to lose?

    A hint. IIS security sucks.........
    The COOKIE TUX lives!!!!
    Windows NT crashed,I am the Blue Screen of Death.
    No one hears your screams.


  3. #3
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    /..%c0%af../ = /../

    /../ is ASCII, which the computer interprets to mean go up a directory

    /..%c0%af../ is Unicode, which also says go up a directory

    This is an IIS 4/5 exploit. It seems that the IIS server, which is capable of handling Unicode, carries out Unicode instructions before it submits them to security checks, so in an unpatched server it's possible to go beyond the normal restrictions and access files above the web root.

    For more NT type stuff I'd try packetstorm-security
    Bukhari:V3B48N826 The Prophet said, Isnt the witness of a woman equal to half of that of a man? The women said, Yes. He said, This is because of the deficiency of a womans mind.
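
Added example, not part of the original posts: a check that canonicalizes a request path before validating it, the ordering post #3 says the unpatched server lacked. `%c0%af` percent-decodes to the bytes C0 AF, a two-byte UTF-8 form whose payload bits are 0x2F (`/`); the function names and the sample paths other than the one quoted in the thread are constructed for illustration.

```python
from urllib.parse import unquote_to_bytes

def lenient_decode(raw: bytes):
    """Decode the way a lenient UTF-8 decoder that accepts overlong forms would.
    Returns (text, hits); hits lists each overlong sequence as (hex, char)."""
    out, hits, i = [], [], 0
    while i < len(raw):
        b = raw[i]
        nxt = raw[i + 1] if i + 1 < len(raw) else 0
        # Lead bytes C0/C1 start a 2-byte form that can only hold
        # U+0000..U+007F, so any such sequence is an overlong encoding.
        if b in (0xC0, 0xC1) and nxt & 0xC0 == 0x80:
            ch = chr(((b & 0x1F) << 6) | (nxt & 0x3F))
            hits.append((raw[i:i + 2].hex(), ch))
            out.append(ch)
            i += 2
        else:
            out.append(chr(b))  # other bytes pass through unchanged
            i += 1
    return "".join(out), hits

def check_path(request_path: str):
    """Canonicalize first, then decide. Returns (verdict, canonical_path)."""
    raw = unquote_to_bytes(request_path)      # undo %XX escapes
    lenient, hits = lenient_decode(raw)
    if hits:                                  # a strict decoder never accepts these
        return "reject: overlong UTF-8", lenient
    text = raw.decode("utf-8", "replace")
    if ".." in text.replace("\\", "/").split("/"):
        return "reject: traversal", text
    return "ok", text

# Constructed sample paths; the second is the request quoted in post #1.
SAMPLES = [
    "/index.html",
    "/_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe",
    "/scripts/../../winnt/system32/cmd.exe",
    "/docs/caf%c3%a9.html",
]

if __name__ == "__main__":
    for p in SAMPLES:
        verdict, canon = check_path(p)
        print(f"{verdict:24} {p} -> {canon}")
```

The quoted request is rejected because the check runs on the decoded path; a filter that looked for `../` in the still-encoded string would see nothing to reject.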

  4. #4

    here u go

    Greetings from Ireland Euclid
    This should explain everything I think u wanted to know.


    http://www.interphaze.org/bits/britneysnthackguide.html
