Security Incidents mailing list archives

Re: dsnhack.pl


From: roelof () SENSEPOST COM (Roelof Temmingh)
Date: Thu, 13 Apr 2000 09:45:10 +0200


On Wed, 12 Apr 2000, Michael Kluskens wrote:

> Has anyone had time to evaluate "dsnhack.pl", a winnt remote exploit
> by scrippie.  It's also at that site. I assume it has been out for
> quite a while since it is version 1.3.

I had a quick look at dsnhack.pl. The script is basically modeled on a
paper written by Rain Forest Puppy:

http://www.wiretrip.net/rfp/p/doc.asp?id=42&iface=1

(which is a very good read), and then the creator packed some more
punch, allowing the user to get the absolute path, upload files, create
the necessary DSNs etc.

Know the MDAC RFP exploit? This one is the same, just with some added
claws.

NewDSN exploit v 1.3 -- Scrippie / Phreak.nl
Usage: dsnhack.pl -h <host>
        -c                      = create a new M$ Access DSN (Web SQL)
        -d                      = dump hard path by using several flaws
        -f                      = Force command (skip checks for .idc's)
        -g <server:filename>    = Upload file to NT box via FTP
        -h <host>               = host you want to scan (ip or domain)
        -u <filename>           = Upload HTML file (easy defacing)
        -w                      = Win 95 support
        -m <dir /s /b file>     = Mass deface (see documentation)

Regards,
Roelof

------------------------------------------------------
Roelof W Temmingh               SensePost IT security
roelof () sensepost com         +27 84 448 6996
                http://www.sensepost.com                

