[framework] MS03-051
H D Moore
hdm at metasploit.com
Wed Sep 6 12:58:22 CDT 2006
The way around those limitations is to use Meterpreter as the payload. The
exploit itself shouldn't be responsible for anything that happens after
code execution starts. When exploiting ISAPI bugs on IIS 5.1, you have to
use Meterpreter (and the 'revert' command) to actually get a command
shell, since the IUSR account doesn't have access to cmd.exe, but the
IWAM account does.
Glad to see that people care about this stuff :-)
-HD
On Wednesday 06 September 2006 12:52, Greg Linares wrote:
> Oh well, yeah that iis_fp30reg_chunked exploit has its limitations, I
> think it just runs code in the context of IUSR_BROWSER, although there
> is a plethora of pipe-hijacking\privlidge escalation code that could be
> ran in conjuction with it.
More information about the framework
mailing list