This is a bug valid in a "fully patched" 7.5.7600.16385 IIS and its corresponding exploit:

Bug: http://www.cvedetails.com/cve/CVE-2010-3972
Exploit: http://www.exploit-db.com/exploits/15803

The exploit is written in python. I just tested it using Ubuntu as attacking machine and, as expected, I was able to remotely crash my "fully patched" IIS 7.5.7600.16385 FTP service. The bug was disclosed in 2010 and it was fixed with a Win7 patch (KB2489256) in early 2011, so it was not exactly a IIS bug, even if IIS could be used to exploit it. Note that Windows Update propose the patch to you only if you have IIS installed.

Giuseppe Bertone

-----Messaggio originale-----
Da: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] Per conto di Nikhil Varghese
Inviato: giovedì 7 giugno 2012 18:59
A: security-basics (at) securityfocus (dot) com [email concealed]
Oggetto: Re: Exploitable vulnerabilities in Microsoft IIS/7.0

I think exploit development in windows is too difficult. I really don't know where to start. The only experience I have is in using metasploit.

Which is the best resource I can get to develop windows exploits?

On Wed, Jun 6, 2012 at 11:37 PM, Nikhil Varghese <nkvp.93 (at) gmail (dot) com [email concealed]> wrote:
> I found two more vulnerabilities, but i still don't have any way of
> testing them on my system.
>
> http://www.securitytracker.com/id/1024079
> http://www.securitytracker.com/id/1024440
>
> I tried to develop my own exploit but the information is too vague. It
> would be useful if anyone has an exploit or can help me out in anyway
> possible.
>
>
>
> On Wed, Jun 6, 2012 at 11:13 PM, Nikhil Varghese <nkvp.93 (at) gmail (dot) com [email concealed]> wrote:
>> Are there any vulnerabilities in Microsoft IIS/7.0 that are
>> exploitable? I found one:
>> http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0074.
>> However, i could not find any metasploit exploit for the vulnerability.
>>
>> How can I test if my IIS server is vulnerable since i run Microsoft
>> IIS/7.0 in my system? Has anyone written an exploit/detailed
>> explanation for this yet?

------------------------------------------------------------------------

Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------

------------------------------------------------------------------------

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------

[ reply ]