Home page logo

pen-test logo Penetration Testing mailing list archives

New Tool - "SMTP Rootkit" for IIS 5/6 & EX2000/2003
From: SCInfo () SMTPCommander com
Date: 27 Aug 2005 16:50:27 -0000

I'd like to annouce a new tool that could be useful in pen testing, or for administration use for a server running SMTP 
via IIS 5.0, 6.0, including Exchange 2000/2003 and SBS 2000/2003.

The tool won't help you get on a box, but once you are in installing it will help you stay on it or issue commands 
through SMTP email as the carrier. 

Free! Donations accepted.


Beta version ready to download.

Basic overview:
* runs with "system" privilages
* input is normal email, results returned to send via email 
* single dll, must have admin rights to install and register
* no service, no task will show (runs under IIS)
* only known ways to detect it is find the actual DLL, or use script to examine events for SMTP
* passes email thru unless trigger in subject given
* allows shell commands as system acct
* get/put files from/to server
* reg read/write commands

Example uses tested so far:
* put pwdump2 on server, execute, return sam file
* dump registry to file and return
* explore drives using directory 

I'm interested in any feedback, post a reply or email me at SCInfo () SMTPCommander com

  By Date           By Thread  

Current thread:
  • New Tool - "SMTP Rootkit" for IIS 5/6 & EX2000/2003 SCInfo (Aug 28)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]