Saturday, 2 February 2013

Exploit Chains


There are times when you will find one vulnerability that, on its own,
may not enable you to make significant changes to a system (e.g. the IIS
newdsn.exe vulnerability). However, you may find a number of
vulnerabilities that can be 'chained' together.

One example of this would be the msadc.pl script released by
Rain Forest Puppy. In this case, the script attempts to exploit a known
vulnerability in a sample script installed with NT Option Pack 4. This
vulnerability relies on btcustomr.mdb being present on the remote
server.

If this file isn’t available, the newdsn.exe file can be executed, and will
create an MS Access .mdb file along with an ODBC DSN that can then be
used to run arbitrary commands on the remote server.
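
A defender can spot this chain in web server logs by correlating the two stages per client rather than alerting on either request alone. The following is an added example, not code from the original post or from msadc.pl; the log format, the `/scripts/tools/` and `/msadc/` URL paths, and the 30-minute window are assumptions, and the log lines are constructed.

```python
import re
from datetime import datetime, timedelta

# NCSA common log format (assumed; IIS can be configured to write it).
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<url>\S+)[^"]*" \d{3}')
# File names come from the post; matching them as URL substrings is an assumption.
STAGE_ONE = "newdsn.exe"  # creates the .mdb file and ODBC DSN
STAGE_TWO = "/msadc/"     # assumed URL prefix requested by msadc.pl

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["url"].lower()

def find_chains(lines, window=timedelta(minutes=30)):
    """Return (ip, stage_one_time, stage_two_time) for every client that
    requested newdsn.exe and then /msadc/ within `window`."""
    last_stage_one = {}  # ip -> time of most recent newdsn.exe request
    alerts = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # skip malformed lines instead of aborting the scan
        ip, ts, url = rec
        if STAGE_ONE in url:
            last_stage_one[ip] = ts
        elif STAGE_TWO in url and ip in last_stage_one:
            first = last_stage_one.pop(ip)  # one alert per stage-one request
            if ts - first <= window:
                alerts.append((ip, first, ts))
    return alerts

# Constructed sample log lines, in time order (not from a real server).
SAMPLE = [
    '203.0.113.5 - - [02/Feb/2013:09:00:00 +0000] "GET /scripts/tools/newdsn.exe HTTP/1.0" 200 310',
    '192.0.2.10 - - [02/Feb/2013:10:00:00 +0000] "GET /scripts/tools/NEWDSN.EXE HTTP/1.0" 200 310',
    '192.0.2.10 - - [02/Feb/2013:10:02:00 +0000] "POST /msadc/msadcs.dll HTTP/1.0" 200 1024',
    '198.51.100.7 - - [02/Feb/2013:10:05:00 +0000] "POST /msadc/msadcs.dll HTTP/1.0" 200 1024',
    'truncated line with no fields',
    '203.0.113.5 - - [02/Feb/2013:11:00:00 +0000] "POST /msadc/msadcs.dll HTTP/1.0" 200 1024',
]

if __name__ == "__main__":
    for ip, first, second in find_chains(SAMPLE):
        print(f"{ip}: newdsn.exe at {first:%H:%M:%S}, /msadc/ at {second:%H:%M:%S}")
```

With the default window only the client that made both requests two minutes apart is reported; the lone `/msadc/` request and the pair two hours apart are not.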
