Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Alert: RDS IIS vulnerability/fix
From: rfp () WIRETRIP NET (.rain.forest.puppy.)
Date: Sun, 25 Jul 1999 14:55:38 -0500

Wanderley J. Abreu Junior (<storm () unikey com br>):
    yes, but actually there's a DSN called advworks that is automatically
configured by RDS Server and don't require password (As you have mencioned
in the third part of this doc).

Correct, that's why it scans for AdvWorks in Step 3.

/msadc/samples/SELECTOR/showcode.asp actually there's a way to retrieve the
ODBC list wich is in  \winnt\odbc.ini.

Now, MDAC 1.5 does *not* install the samples by default.  But considering
that the VbBusObj comes with the samples, I may add this in.  Look for
future code postings at www.technotronic.com/rfp/

        IIS 3 also has /scripts/tools and /scripts/samples features and

Yes, many of which I report about in my advisory and Phrack articles.
Don't forget /iissamples/ as well, and /scripts/iisadmin/.

plus! If you enter some maped script extension like http://server/jerk.idc
it returns to you the exactly directory where the Web page is stored like
   c:\Inetpub\wwwroot\  even if you handled 404 error to another page. Since

I beleive it's Service Pack 4 that fixes this, and perhaps Service Pack 5
breaks this...I'm trying to pull the discussion from some time ago from my

All in all, yes, you are correct that there are many ways to figure out
the DSNs.  But I still believe you should do this little bit of legwork
yourself, find a valid DSN, slap it into a text file, and then use the -e
option for Step 5 (user submitted/brute force DSNs).


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]