I have had the same problems but I haven't used the teso version. My only guess is that some servers have a Firewall in front of them set to deny outbound connections. From what I understand, and I defer to others, the exploit code forces the server to make an outbound request for the file. I think, and I'm really not sure, that this is designed so that the file can be anything you choose that you can serve. If this is the case than we all would be eternally grateful if someone could modify the source so that it sends a file in the same folder as iishack with an already specified name. Thus the program could automatically send the file hack.exe and you could just place the file you want to send, renamed to hack.exe, in the same folder. The other thing that I think might be going on is that the server is designed or the router set up so that no traffic is allowed to port 99 or any port other than 80 thus no workey, also, stupidly enough, ncx is hacked to only honor the first connection with the terminal so if
you're using it on your site and getting connection requests at the same time it will drop the terminal to another connection request, i.e. a home user with a browser that won't see anything anyway. Someone should also change the version of ncx so it's passed with the argument to stay active. I wish I could write the code but then isn't that what vuln-dev is for?
-----Original Message-----
From: VULN-DEV List [mailto:VULN-DEV_at_SECURITYFOCUS.COM]On Behalf Of Ory
Segal
Sent: Monday, January 03, 2000 5:12 AM
To: VULN-DEV_at_SECURITYFOCUS.COM
Subject: iishack/tesoiis.c - What's wrong ?
Hello,
While trying to make both codes work, the first on NT+IIS
And the second from a Linux box , I get the same results,
The Remote server crashes, but no code is sent and uploaded, does anyone has a clue of how can I fine-tune these codes ? or maybe send me a perfectly working one, Preferably for Linux ?
Thanks.
Received on Jan 03 2000
Intro
