exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 76 RSS Feed

Files

iis5x60.txt
Posted Oct 13, 2004
Authored by Amit Klein, Ory Segal aka Watchfire

Microsoft IIS 5.x and 6.0 suffer from a denial of service vulnerability regarding the WebDAV XML parser. An attacker can craft a malicious WebDAV PROPFIND request, which uses XML attributes in a way that inflicts a denial of service condition on the target machine (IIS web server). The result of this attack is that the XML parser consumes all the CPU resources for a long period of time (from seconds to minutes, depending on the size of the payload).

tags | advisory, web, denial of service
SHA-256 | 86be4f9097197602acfd076c6401bace0c652dc337ac4d228bd232c9ba16c4cb

Related Files

Microsoft IIS HTTP Internal IP Disclosure
Posted Sep 1, 2024
Authored by Matthew Dunn, Heather Pilkington | Site metasploit.com

Collect any leaked internal IPs by requesting commonly redirected locations from IIS. CVE-2000-0649 references IIS 5.1 (win2k, XP) and older. However, in newer servers such as IIS 7+, this occurs when the alternateHostName is not set or misconfigured. Also collects internal IPs leaked from the PROPFIND method in certain IIS versions.

tags | exploit
systems | windows
advisories | CVE-2000-0649, CVE-2002-0422
SHA-256 | f5cd05c837ee40cc8d76e4b5fce64d92ed540c8b1d92111ed48c20b1a0540540
Microsoft IIS Shortname Scanner
Posted Sep 1, 2024
Authored by Soroush Dalili, egre55, MinatoTW, Ali Abbasnejad | Site metasploit.com

The vulnerability is caused by a tilde character "~" in a GET or OPTIONS request, which could allow remote attackers to disclose 8.3 filenames (short names). In 2010, Soroush Dalili and Ali Abbasnejad discovered the original bug (GET request). This was publicly disclosed in 2012. In 2014, Soroush Dalili discovered that newer IIS installations are vulnerable with OPTIONS.

tags | exploit, remote
SHA-256 | c2c9b14cdb1063f52d66445d57e8c716ba76df1d1393a1bdd2559d0ffd10e0bf
MS10-065 Microsoft IIS 5 NTFS Stream Authentication Bypass
Posted Aug 31, 2024
Authored by Soroush Dalili, sinn3r | Site metasploit.com

This Metasploit module bypasses basic authentication for Internet Information Services (IIS). By appending the NTFS stream name to the directory name in a request, it is possible to bypass authentication.

tags | exploit
advisories | CVE-2010-2731
SHA-256 | 81c7985df2aff0d30d1f7d3ade0d49b345a4a07669ede4729c9660062ed8657d
Microsoft IIS FTP Server Encoded Response Overflow Trigger
Posted Aug 31, 2024
Authored by Matthew Bergin, jduck | Site metasploit.com

This Metasploit module triggers a heap overflow when processing a specially crafted FTP request containing Telnet IAC (0xff) bytes. When constructing the response, the Microsoft IIS FTP Service overflows the heap buffer with 0xff bytes. This issue can be triggered pre-auth and may in fact be exploitable for remote code execution.

tags | exploit, remote, overflow, code execution
advisories | CVE-2010-3972
SHA-256 | abed1f5c04a53ec53d5c8c7b407c490b68fdb3bae004065e4060e14c0df5f32a
Microsoft IIS FTP Server LIST Stack Exhaustion
Posted Aug 31, 2024
Authored by Kingcope, Myo Soe | Site metasploit.com

This Metasploit module triggers Denial of Service condition in the Microsoft Internet Information Services (IIS) FTP Server 5.0 through 7.0 via a list (ls) -R command containing a wildcard. For this exploit to work in most cases, you need 1) a valid ftp account: either read-only or write-access account 2) the "FTP Publishing" must be configured as "manual" mode in startup type 3) there must be at least one directory under FTP root directory. If your provided an FTP account has write-access privilege and there is no single directory, a new directory with random name will be created prior to sending exploit payload.

tags | exploit, denial of service, root
advisories | CVE-2009-2521
SHA-256 | 67404248bb76198423211333f1d01b1d47d12b762daf1e199c5e9619ec7c4de7
Microsoft IIS WebDav ScStoragePathFromUrl Overflow
Posted May 11, 2017
Authored by Dominic Chell, FireFart, Zhiniang Peng, Chen Wu, zcgonvh, Rich Whitcroft | Site metasploit.com

Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016. Original exploit by Zhiniang Peng and Chen Wu.

tags | exploit, remote, web, overflow, arbitrary
systems | windows
advisories | CVE-2017-7269
SHA-256 | dd14beacc3e87b7064dc160534d469a79690ec06c3cb5fdddd8acbce04733db8
MS IIS 6.0 Buffer Overflow NSE Script
Posted Apr 8, 2017
Authored by Rewanth Cool

This NSE script for Nmap exploits a buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2.

tags | exploit, overflow
systems | windows
advisories | CVE-2017-7269
SHA-256 | 453e63883fdaffb5ec618ef53ef8f9b005dad44b6e71f23b25a260104dacbeaa
Outlook Web App (OWA) / Client Access Server (CAS) IIS HTTP Internal IP Disclosure
Posted Sep 29, 2014
Authored by Nate Power | Site metasploit.com

This Metasploit module tests vulnerable IIS HTTP header file paths on Microsoft Exchange OWA 2003, CAS 2007, 2010, 2013 servers.

tags | exploit, web, info disclosure
SHA-256 | 9b7a26362762262f505e7f02227cb75f7b373f2560a109697a283d98dbb104e4
Microsoft IIS 6.0 / 7.5 Authentication Bypass
Posted Jun 11, 2012
Authored by Kingcope

Microsoft IIS versions 6.0 and 7.5 suffer from various authentication bypass vulnerabilities. 7.5 also suffers from a source code disclosure flaw.

tags | exploit, vulnerability, bypass
SHA-256 | 31f691d3442ef019996f5131a36d46a349b82fb445d8c3c399201566683d7edb
ISSA Ireland Security Conference 2011 Call For Papers
Posted Mar 29, 2011
Site issaireland.org

The ISSA Ireland Security Conference (IISC) 2011 call for papers has been announced. It will be held from May 11th through the 12th, 2011 in The Royal College of Physicians Ireland on Kildare Street, Dublin.

tags | paper, conference
SHA-256 | cc742e348803b4bebccc7e0c52ac2c3b04a64d189f3658425747a6b6c29779ab
IIS 5 Authentication Bypass
Posted Jul 3, 2010
Authored by Soroush Dalili | Site soroush.secproject.com

IIS 5 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
SHA-256 | 37ea748726abfdcf90c5f620168c130aaee2fc345aa57be4c08c7f6c6dc47a6a
IISWorks FileMan Remote User Database Disclosure
Posted Jun 16, 2010
Authored by j0fer

IISWorks FileMan suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 38a4d64b8d788622a623151962b2b3e155249abd41c88ae39dc024e0fd6dba57
Microsoft IIS WebDAV Write Access Code Execution
Posted Feb 10, 2010
Site metasploit.com

This Metasploit module can be used to execute a payload on IIS servers that have world-writeable directories. The payload is uploaded as an ASP script using a WebDAV PUT request.

tags | exploit, asp
SHA-256 | 4ec5b093ab1cb3f7824fc0789935b123c05d0f352410b2d130c1546774dfb524
Microsoft IIS ASP Bypass
Posted Dec 30, 2009
Authored by crossbower, emgent

This exploit is a simple malicious file creator that will help the users to create jpg images with metasploit shellcode. The file created must be browsed and then a shell will be bound to tcp/31337.

tags | exploit, shell, tcp, shellcode
SHA-256 | 3951e4d38ce2fbd2a74fe1c2298d117fcdff1053e5434ddda7f24fd0890d02b5
Microsoft IIS Semi-Colon Mitigation Code
Posted Dec 30, 2009
Authored by Derek Soeder

This code was released to mitigate the Microsoft IIS semi-colon vulnerability. It's intended for IIS 4.0, 5.x, and 6.0.

SHA-256 | 258979f3104b310429262a5ee76831642e3256b938d895463e1848938fa31d00
IIS 5.0 FTP Stack Overflow Exploit
Posted Nov 18, 2009
Authored by Kingcope, Mati Aharoni, Tomoki Sanaki

Remake of the IIS 5.0 FTP server / remote SYSTEM exploit. Useful for Win2k/JP SP0 through SP3.

tags | exploit, remote
systems | windows
SHA-256 | ed41a61ee6a96323a70d1473d264138fe153fd8d0c341f6b6c99253319cc1ba0
Microsoft IIS 5.0 FTP Stack Overflow
Posted Sep 1, 2009
Authored by Mati Aharoni

Microsoft IIS version 5.0 FTP server remote stack overflow exploit for Windows 2000 SP4. Binds a shell to port 4444.

tags | exploit, remote, overflow, shell
systems | windows
SHA-256 | ce40cb6da965a415dbfc5397a6839d38275511d3ed979f7ce1fdfec8d8278203
Microsoft IIS FTP Server Stack Overflow
Posted Sep 1, 2009
Authored by Kingcope

Microsoft IIS versions 5.0 and 6.0 FTP server remote stack overflow exploit for Windows 2000.

tags | exploit, remote, overflow
systems | windows
SHA-256 | 19aff66ba11cf22843fc9c8141c7d0a3402067ee062ec94813adce26357def3d
Microsoft IIS 6.0 WebDAV Bypass
Posted May 16, 2009
Authored by Kingcope

Microsoft IIS version 6.0 suffers from a WebDAV remote authentication bypass vulnerability.

tags | exploit, remote, bypass
SHA-256 | ed317aa9d45ad84a8984658e30b3b9bad93a6b391762859bbceb67cb7aa1cb6b
iis-dos.txt
Posted May 22, 2007
Authored by Kingcope

Microsoft IIS 6.0 /AUX/.aspx remote denial of service exploit.

tags | exploit, remote, denial of service
SHA-256 | befbaf311c1be1ef98f6433ed95ff3daee31ee10c817e56192b648bb3118e662
iis51asp.txt
Posted Dec 15, 2006
Authored by Brett Moore SA

IIS 5.1 suffers from a flaw where it allows an ASP shell to be spawned via execute rights for IUSR_Machine.

tags | advisory, shell, asp
SHA-256 | 5a7c990b18f1d8d2164f708100f81623d7bd6a8ef8350f992cd9f06143afe20a
Microsoft.IIS.Malformed.URI.cpp
Posted Dec 28, 2005
Authored by Lympex | Site l-bytes.tk

Microsoft IIS 5.1 malformed URI denial of service exploit.

tags | exploit, denial of service
SHA-256 | 837498a4d744d992373c5ed655af6324ffb4059f266d8a1030be1af897c8de58
iisCrash.txt
Posted Dec 27, 2005
Authored by Inge Henriksen | Site ingehenriksen.blogspot.com

It appears that malformed HTTP requests to IIS versions 5.0, 5.1, and 6.0 allow for a remote crash of the service.

tags | advisory, remote, web
SHA-256 | 6d185deb53682ef93b3fa88fdec275761c1a6503427ac16a9c6c4de27066e357
iis_w3who_overflow.pm
Posted Jan 12, 2005
Authored by H D Moore | Site metasploit.com

Remote buffer overflow exploit for the w3who.dll in Microsoft Windows 2000. Drops to a command shell.

tags | exploit, remote, overflow, shell
systems | windows
advisories | CVE-2004-1134
SHA-256 | 791c811f7b49febb9fa1bb40a85b1ab1d9f1f2712120f52a797cf5c3770e9942
iis.pl.txt
Posted Oct 26, 2004
Authored by Diabolic Crab | Site digitalparadox.org

IIS 5 null pointer proof of concept exploit.

tags | exploit, proof of concept
SHA-256 | 80e021ee49bc8b8c86efd67d2904ce71e04ef0648b422b39cee57bf1dfef4527
Page 1 of 4
Back1234Next

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close