.

reliable remote code execution for IIS on Server 2008?

<<

camelCase

Newbie
Newbie

Posts: 12

Joined: Fri Apr 20, 2012 9:33 pm

Post Tue Jun 05, 2012 3:50 pm

reliable remote code execution for IIS on Server 2008?

Hello,

I am having trouble finding any reliable exploits for Server 2008. So I figured I would ask you guys. Do you know of any? Thanks!
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Tue Jun 05, 2012 4:21 pm

Re: reliable remote code execution for IIS on Server 2008?

I would look through the Exploit DB, maintained by Offensive Security. Might also try some of the ones known to work for Wk2, see if they still work.
OSWP, Sec+
<<

impelse

Hero Member
Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Tue Jun 05, 2012 10:18 pm

Re: reliable remote code execution for IIS on Server 2008?

Try to look for different way to log in, some exploits require a lot of work before make it work
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
<<

cd1zz

User avatar

Recruiters
Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Wed Jun 06, 2012 7:42 am

Re: reliable remote code execution for IIS on Server 2008?

There are no publicly disclosed rce exploits for iis 7. However, if your just looking for a 2008 exploit, there are options.

You're better off going after the app on that webserver.
Last edited by cd1zz on Wed Jun 06, 2012 8:34 am, edited 1 time in total.
<<

impelse

Hero Member
Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Wed Jun 06, 2012 8:22 am

Re: reliable remote code execution for IIS on Server 2008?

Yep, the web app will give you a good access doesn't matter if the machine is well updated.
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
<<

camelCase

Newbie
Newbie

Posts: 12

Joined: Fri Apr 20, 2012 9:33 pm

Post Wed Jun 06, 2012 5:11 pm

Re: reliable remote code execution for IIS on Server 2008?

cd1zz, this is what I thought. Oh well. FYI these are in a highly specialized deployment and have no web applications and very limited HTTP methods.
<<

mohaab

Jr. Member
Jr. Member

Posts: 59

Joined: Mon Oct 25, 2010 4:38 pm

Location: Egypt

Post Wed Jun 06, 2012 11:28 pm

Re: reliable remote code execution for IIS on Server 2008?

http://attack-secure.com - CODENAME: Samurai Skills Course
<<

jimbob

User avatar

Newbie
Newbie

Posts: 14

Joined: Tue Aug 01, 2006 3:56 pm

Post Thu Jun 07, 2012 4:03 am

Re: reliable remote code execution for IIS on Server 2008?

Don't forget to think out a deeper solution. If you can get file upload on the server you can upload arbitrary binaries and ASP content to achieve this. Don't think of pen testing as, "I have one exposed service, is there a remote exploit?" Can you find SQLi and execute code that way?

Regards,
Jimbob
<<

camelCase

Newbie
Newbie

Posts: 12

Joined: Fri Apr 20, 2012 9:33 pm

Post Mon Jun 18, 2012 1:22 pm

Re: reliable remote code execution for IIS on Server 2008?

Again, they do not run any web applications. This is why I asked about IIS specifically. The PHRACK issue I would say does not indeed point to any reliable exploit. Thank you for your time but I pwnd this shit on my own.
<<

tturner

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Tue Jun 19, 2012 7:47 am

Re: reliable remote code execution for IIS on Server 2008?

camelCase wrote: Thank you for your time but I pwnd this shit on my own.


Perhaps you'd care to share and help us increase the community knowledge?
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Tue Jun 19, 2012 8:18 am

Re: reliable remote code execution for IIS on Server 2008?

tturner wrote:
camelCase wrote: Thank you for your time but I pwnd this shit on my own.


Perhaps you'd care to share and help us increase the community knowledge?


Yeah, that line didn't exactly sit well with me.  I'm certain it didn't carry the attitude that I interpreted, when I read it.  (At least, I'd hope not.  ;))  And yes, I'm with tturner.  If you pwned it, please share, if for no other reason than to increase everyone's knowledge and abilities.

Oh, and assuming you did pwn it... Congrats!
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

camelCase

Newbie
Newbie

Posts: 12

Joined: Fri Apr 20, 2012 9:33 pm

Post Wed Jun 20, 2012 9:53 am

Re: reliable remote code execution for IIS on Server 2008?

It had to do it by sending syn packets with scapy and backing off TTL until the firewall responded with an error packet containing its IP, finding out that the firewall was misconfigured and had its config interface in front of me, guessing the correct password, dumping its config, ssh tunneling through the firewall and proxy scanning the server, enumerating some users, discovering a user with pass as user, looking in the sysvol, finding a bat script with domain admin permissions and rdp. So still not just IIS or web app but just pure luck. I think that is vague enough to not give up any confidential data but informative enough to "share". :-) 
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Wed Jun 20, 2012 11:54 am

Re: reliable remote code execution for IIS on Server 2008?

Yep.  Gives enough for those of us who understand, and not so much as to get you into trouble.  ;)

Thanks.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

camelCase

Newbie
Newbie

Posts: 12

Joined: Fri Apr 20, 2012 9:33 pm

Post Wed Jun 20, 2012 3:45 pm

Re: reliable remote code execution for IIS on Server 2008?

Np homie, sorry if I come off as quippy or arrogant I just do not have a lot of time for long posts. Nothing personal.
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Wed Jun 20, 2012 3:54 pm

Re: reliable remote code execution for IIS on Server 2008?

It's all good.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 3 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software