Penetration Testing mailing list archives
New Tool - "SMTP Rootkit" for IIS 5/6 & EX2000/2003
From: SCInfo () SMTPCommander com
Date: 27 Aug 2005 16:50:27 -0000
I'd like to annouce a new tool that could be useful in pen testing, or for administration use for a server running SMTP via IIS 5.0, 6.0, including Exchange 2000/2003 and SBS 2000/2003. The tool won't help you get on a box, but once you are in installing it will help you stay on it or issue commands through SMTP email as the carrier. Free! Donations accepted. http://www.SMTPCommander.com Beta version ready to download. Basic overview: * runs with "system" privilages * input is normal email, results returned to send via email * single dll, must have admin rights to install and register * no service, no task will show (runs under IIS) * only known ways to detect it is find the actual DLL, or use script to examine events for SMTP * passes email thru unless trigger in subject given * allows shell commands as system acct * get/put files from/to server * reg read/write commands Example uses tested so far: * put pwdump2 on server, execute, return sam file * dump registry to file and return * explore drives using directory I'm interested in any feedback, post a reply or email me at SCInfo () SMTPCommander com
Current thread:
- New Tool - "SMTP Rootkit" for IIS 5/6 & EX2000/2003 SCInfo (Aug 27)