NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Incidents> 2000-04

Subject: dsnhack.pl --ooops
From: Roelof Temmingh (roelofSENSEPOST.COM)
Date: Thu Apr 13 2000 - 04:21:00 CDT

Next message: Maniac .: "Weird Ports on NT box"
Previous message: Erich Meier: "Re: IP fw-in deny spam in logs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The URL I mentioned in my previous post was incorrect.
The URL should be:

http://www.wiretrip.net/rfp/p/doc.asp?id=3&iface=1

Sorry!!

------------------------------------------------------
Roelof W Temmingh SensePost IT security
roelofsensepost.com +27 84 448 6996
http://www.sensepost.com

---------- Forwarded message ----------
Date: Thu, 13 Apr 2000 09:45:10 +0200 (SAST)
From: Roelof Temmingh <roelofsensepost.com>
To: Michael Kluskens <mskCRYSTAL.NRL.NAVY.MIL>
Cc: INCIDENTSSECURITYFOCUS.COM
Subject: Re: dsnhack.pl

On Wed, 12 Apr 2000, Michael Kluskens wrote:

> Has anyone had time to evaluate "dsnhack.pl", a winnt remote exploit
> by scrippie. It's also at that site. I assume it has been out for
> quite awhile since it is version 1.3.

I had a quick look at dsnhack.pl. The script is basically modeled on a
paper written by Rain Forest Puppy:

http://www.wiretrip.net/rfp/p/doc.asp?id=42&iface=1

(which is a very good read), and then the creator packed some more
punch, allowing the user to get the absolute path, upload files, create
the neccesary DSNs etc.

Know the MDAC RFP exploit ? - this one is same, just with some added
claws.

NewDSN exploit v 1.3 -- Scrippie / Phreak.nl
Usage: dsnhack.pl -h <host>
        -c = create a new M$ Access DSN (Web SQL)
        -d = dump hard path by using several flaws
        -f = Force command (skip checks for .idc's)
        -g <server:filename> = Upload file to NT box via FTP
        -h <host> = host you want to scan (ip or domain)
        -u <filename> = Upload HTML file (easy defacing)
        -w = Win 95 support
        -m <dir /s /b file> = Mass deface (see documentation)

Regards,
Roelof

------------------------------------------------------
Roelof W Temmingh SensePost IT security
roelofsensepost.com +27 84 448 6996
http://www.sensepost.com

Next message: Maniac .: "Weird Ports on NT box"
Previous message: Erich Meier: "Re: IP fw-in deny spam in logs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]