Hi,

For my GIAC certification (GCIH) I am researching the .ASP Buffer Overflow vulnerability discovered by eeye.com in April 2002 but am having a hard time trying to exploit it.

I have setup a test (controlled) environment with a Windows 2000 server - unpatched. For the sake of the research paper I have to exploit the server using this vulnerability and capture various traffic etc. Also, I will have to write-up defenses for it.

I would appreciate any help you could provide, especially in figuring out how to exploit this vulnerability?

I have looked at and tried to use Hsj's exploit (iis-asp-overflow.c) from packetstorm but have not had any luck with that either.

Thanks.