Some methods about IIS hack to organize the "turn"

By xundi< Security Focus >
http://www.xfocus.org
Xundi1@21cn.com
Some of the loopholes in the IIS hack are sorted out here for your reference.
1, introduce
Because these methods are targeted for 80来 operations through ports, there is a certain threat because as a web you
This mouth is always open. If you want to check the leak while smoking, OK, you download some CGI scanners to
To help you check, you can try using these two:
"Whisker" by "Rain Forest Puppy" (WWW.WIRETRIP.NET/RFP).
"CIS" by "Mnemonix" (www.cerberus-infosec.co.uk)
In addition, if you want to know what type of service program the target machine is running, you can use
The following command:
Telnet <victim> 80
Get head/http/1.0

You can return some names and Web service versions, if some servers run the web in
8080,81,8000,8001 mouth, you will telnet to the corresponding mouth.
If you want to know the Web service program that is running SSL, the Web server and browser
If connected, we can use the tool "Ssleay":
S_client-connect <victim>:443
head/http/1.0
======================================================================
2, some common methods:

========iis hack==========
Www.eeye.com's staff found a IIS4.0 buffer overflow that allows users to upload
Programs, such as Netcat to the target server, and bind the Cmd.exe to 80 ports. This buffer overflows
Out of the. htr,.idc and. stm files, and their URL requests for these files
No full bounds check on the name, causing the attacker to insert some backdoor programs
Downloading and executing programs in the system.
To detect such a site you need two files Iishack.exe,ncx.exe, you can go below