Microsoft IIS 5.0 - WebDAV Remote

/*************************************/
/* IIS 5.0 WebDAV -Proof of concept- */
/* [ Bug: CAN-2003-0109 ]            */
/* By Roman Medina-Heigl Hernandez   */
/* aka RoMaNSoFt <roman@rs-labs.com> */
/* Madrid, 23.Mar.2003               */
/* ================================= */
/* Public release. Version 1.        */
/* --------------------------------- */
/*************************************/

/* ====================================================================
 * --[ READ ME ]
 *
 * This exploit is mainly a proof of concept of the recently discovered ntdll.dll bug (which may be
 * exploited in many other programs, not necessarily IIS). Practical exploitation is not as easy as
 * expected due to difficult RET guessing mixed with possible IIS crashes (which makes RET brute
 * forcing a tedious work). The shellcode included here will bind a cmd.exe shell to a given port
 * at the victim machine so it could be problematic if that machine is protected behind a firewall.
 * For all these reasons, the scope o...