Home page logo
/

pen-test logo Penetration Testing mailing list archives

New Tool - "SMTP Rootkit" for IIS 5/6 & EX2000/2003
From: SCInfo () SMTPCommander com
Date: 27 Aug 2005 16:50:27 -0000

I'd like to annouce a new tool that could be useful in pen testing, or for administration use for a server running SMTP 
via IIS 5.0, 6.0, including Exchange 2000/2003 and SBS 2000/2003.

The tool won't help you get on a box, but once you are in installing it will help you stay on it or issue commands 
through SMTP email as the carrier. 

Free! Donations accepted.

http://www.SMTPCommander.com

Beta version ready to download.

Basic overview:
* runs with "system" privilages
* input is normal email, results returned to send via email 
* single dll, must have admin rights to install and register
* no service, no task will show (runs under IIS)
* only known ways to detect it is find the actual DLL, or use script to examine events for SMTP
* passes email thru unless trigger in subject given
* allows shell commands as system acct
* get/put files from/to server
* reg read/write commands

Example uses tested so far:
* put pwdump2 on server, execute, return sam file
* dump registry to file and return
* explore drives using directory 

I'm interested in any feedback, post a reply or email me at SCInfo () SMTPCommander com


  By Date           By Thread  

Current thread:
  • New Tool - "SMTP Rootkit" for IIS 5/6 & EX2000/2003 SCInfo (Aug 28)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]