BugTraq
NetBus Pro Web Server Directory Listing And Remote File Upload Jan 22 2004 06:14PM
Rafel Ivgi, The-Insider (theinsider 012 net il)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Software: NetBus Web Server
Vendor: http://ultraaccess.net/
Versions: Pro
Platforms: Unix
Bug: Directory Listing And Remote File Upload
Risk: High
Exploitation: Remote with browser
Date: 22 Jan 2004
Author: Rafel Ivgi, The-Insider
e-mail: the_insider (at) mail (dot) com
web: http://theinsider.deep-ice.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

1) Introduction
2) Bug
3) The Code

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

===============
1) Introduction
===============

NetBus Pro is a "Trojan Horse". It is a virus that opens a port and listens
until an attacker connects to that port and does whatever he wishes on
the machine. If a password is set and the default port number is changed,
it can be used as remote-control software.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

======
2) Bug
======

Although NetBus Pro is a virus, it has a built-in web server.
If an attacker connects to the server, he gets a default page with
no special links or options.
However, requesting:

http://<host>//
or
http://<host>/./

shows a directory listing of the root path and a file upload function.
This allows anyone to download local files, upload anything and possibly
take over the machine.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

===========
3) The Code
===========

http://<host>//
http://<host>/./

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

---
Rafel Ivgi, The-Insider
http://theinsider.deep-ice.com

"Things that are unlikeable, are NOT impossible."
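
Added example, not part of the original advisory: a log check a defender could run to find the two request forms from section 2, by flagging any request whose path is not already in canonical form. It generalizes beyond "//" and "/./" to any path with empty or dot segments; the Common Log Format input and the names canonical, flag_noncanonical and SAMPLE_LOG are assumptions made for this example.

```python
import re
from urllib.parse import unquote

# Common Log Format: client ident user [time] "METHOD target PROTO" status size
REQ = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+)[^"]*" (\d{3})')

def canonical(path):
    """Collapse empty and '.' segments, resolve '..', keep a trailing slash."""
    out = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if out:
                out.pop()
            continue
        out.append(seg)
    canon = "/" + "/".join(out)
    return canon + "/" if out and path.endswith("/") else canon

def flag_noncanonical(lines):
    """Return (client, raw_path, canonical_path, status) for every request
    whose path is not already in canonical form."""
    hits = []
    for line in lines:
        m = REQ.match(line)
        if not m:
            continue
        client, _method, target, status = m.groups()
        # Split the query off by hand: urlsplit() would read a leading "//"
        # as the start of a network location and return an empty path.
        raw = unquote(target.split("?", 1)[0])
        canon = canonical(raw)
        if raw != canon:
            hits.append((client, raw, canon, int(status)))
    return hits

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Jan/2004:18:14:02 +0000] "GET / HTTP/1.0" 200 512',
    '198.51.100.7 - - [22/Jan/2004:18:14:09 +0000] "GET // HTTP/1.0" 200 4096',
    '198.51.100.7 - - [22/Jan/2004:18:14:15 +0000] "GET /./ HTTP/1.0" 200 4096',
    '192.0.2.10 - - [22/Jan/2004:18:15:40 +0000] "GET /index.html?x=//a HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    for hit in flag_noncanonical(SAMPLE_LOG):
        print(hit)
```

A hit that canonicalizes to "/" but was answered with a different page than a plain "/" request is the behaviour the advisory describes.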
