exploiting BID 529

From: m a (aznxy@yahoo.com)
Date: Sat Dec 04 2004 - 14:49:13 EST


Running a pen test on some web servers.

Some were verified to have RDS version 1.5 thus:
http://10.1.1.1/msadc/readme.txt

Here is the exploit:
http://www.securityfocus.com/bid/529/exploit/

I have tried unicode directory traversal which doesn't work.

Running msadc works
$ ./msadc.pl -h 10.1.1.1 -N
-- RDS smack v2 - rain forest puppy / ADM / wiretrip --
Machine name: NT2

I am trying to execute some cmd /c commands, however just trying to echo >xxx a file to the default path of msadc and the wwwroot does not yield anything I can open. I am largely trying to verify that the commands work.

Even if this does work (and the default paths are changed) I am not sure what else I can do with it considering the firewall is filtering out everything apart from 80 and 443 (some host, probably just one) inbound. I could potentially try killing the inet process and then implant nc.exe and have it take over on 80 or 443, but that would be too intrusive.

Here's some more reading on this (this guy had the benefit of unicode):
http://www.honeynet.org/scans/scan14/rfp.html

Any help much appreciated.
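From the defender's side, the activity described in this post leaves a clear trail in the IIS web logs: a fetch of /msadc/readme.txt to fingerprint the RDS version, followed by requests to the RDS endpoint under /msadc/. The script below is an added example, not code from the post or from the msadc.pl tool; it parses IIS W3C-format log lines and flags msadc probing by severity. The log lines are constructed for the example, the client addresses are made up, and the assumption that the RDS DataFactory endpoint is served as a .dll under /msadc/ (msadcs.dll in a stock install) comes from general knowledge of the component, not from the post.

```python
"""Flag RDS / msadc probing in IIS W3C-format logs (added example, not from the post)."""
from urllib.parse import unquote

# Constructed sample log (not from the original post). Client IPs are made up.
# Field order follows the W3C extended format IIS writes.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Server 4.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2004-12-04 14:49:13 10.1.1.50 GET /default.htm - 200
2004-12-04 14:49:20 10.1.1.50 GET /msadc/readme.txt - 200
2004-12-04 14:49:31 10.1.1.50 POST /msadc/msadcs.dll - 200
2004-12-04 14:49:40 10.1.1.50 GET /msadc/ - 403
2004-12-04 14:50:10 10.1.1.77 GET /MSADC/msadcs.dll - 404
"""

SEV_RANK = {"low": 0, "medium": 1, "high": 2}


def parse_w3c(text):
    """Yield one dict per log record, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if fields is None or len(parts) != len(fields):
            continue  # header missing or malformed record; skip rather than guess
        yield dict(zip(fields, parts))


def classify(entry):
    """Return (rule name, severity) for an msadc-related request, else None."""
    # Decode %-escapes and normalise case so /MSADC/ and /msadc/ match the same rule.
    path = unquote(entry["cs-uri-stem"]).lower()
    method = entry["cs-method"].upper()
    status = entry["sc-status"]
    if path == "/msadc/readme.txt":
        # Version fingerprinting step from the post: reconnaissance, not yet an exploit.
        return ("msadc-recon", "medium")
    if path.startswith("/msadc/") and path.endswith(".dll"):
        # Assumed: the RDS DataFactory endpoint is a .dll under /msadc/ (msadcs.dll).
        # A successful POST is the pattern to escalate on; a 404 means it was
        # probed but is not present.
        sev = "high" if method == "POST" and status == "200" else "medium"
        return ("msadc-datafactory", sev)
    if path.startswith("/msadc/"):
        return ("msadc-access", "low")
    return None


def scan(text):
    """Return a list of (client ip, method, uri, rule, severity) for flagged records."""
    hits = []
    for entry in parse_w3c(text):
        verdict = classify(entry)
        if verdict:
            hits.append((entry["c-ip"], entry["cs-method"], entry["cs-uri-stem"]) + verdict)
    return hits


def worst_per_host(hits):
    """Map each client ip to the highest severity it triggered."""
    worst = {}
    for ip, _method, _uri, _rule, sev in hits:
        if ip not in worst or SEV_RANK[sev] > SEV_RANK[worst[ip]]:
            worst[ip] = sev
    return worst


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
    print(worst_per_host(scan(SAMPLE_LOG)))
```

The rule ordering matters: readme.txt is matched before the generic /msadc/ prefix so the fingerprinting step is reported as its own event, and the endpoint rule only escalates to high on a 200 to a POST, which separates a scanner that merely touched the path from a client that actually got a response from the DataFactory.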


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:09 EDT