mailing list archives
New Tool - "SMTP Rootkit" for IIS 5/6 & EX2000/2003
From: SCInfo () SMTPCommander com
Date: 27 Aug 2005 16:50:27 -0000
I'd like to annouce a new tool that could be useful in pen testing, or for administration use for a server running SMTP
via IIS 5.0, 6.0, including Exchange 2000/2003 and SBS 2000/2003.
The tool won't help you get on a box, but once you are in installing it will help you stay on it or issue commands
through SMTP email as the carrier.
Free! Donations accepted.
Beta version ready to download.
* runs with "system" privilages
* input is normal email, results returned to send via email
* single dll, must have admin rights to install and register
* no service, no task will show (runs under IIS)
* only known ways to detect it is find the actual DLL, or use script to examine events for SMTP
* passes email thru unless trigger in subject given
* allows shell commands as system acct
* get/put files from/to server
* reg read/write commands
Example uses tested so far:
* put pwdump2 on server, execute, return sam file
* dump registry to file and return
* explore drives using directory
I'm interested in any feedback, post a reply or email me at SCInfo () SMTPCommander com
- New Tool - "SMTP Rootkit" for IIS 5/6 & EX2000/2003 SCInfo (Aug 28)