Friday, September 22, 2006

Attacks against IIS

IIS is one of the most widely used Web server platforms on the Internet.
Microsoft's Web server has been a frequent target over the years and has been attacked through a variety of vulnerabilities.

Examples include:
  • ::$DATA vulnerability
  • showcode.asp vulnerability
  • Piggybacking vulnerability
  • Privilege command execution
  • Buffer Overflow exploits (IIShack.exe)

IIS Components

  • IIS relies heavily on a collection of DLLs that work together with the main server process, inetinfo.exe, to provide various capabilities.
  • Examples: server-side scripting, content indexing, Web-based printing, etc.
  • This architecture gives attackers a range of functionality to exploit via malicious input.

ISAPI DLL Buffer Overflows

  • One of the most severe security vulnerabilities associated with ISAPI DLLs is the buffer overflow.
  • In 2001, IIS servers were ravaged by versions of the Code Red and Nimda worms which were both based on buffer overflow exploits.
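
As an added example (not part of the original post), a small scanner over IIS W3C extended log lines that flags oversized requests to ISAPI-handled extensions, the shape left behind by the Code Red-style Indexing Service overflow. The extension-to-DLL mapping, the query-length threshold and the sample log lines are assumptions constructed for the demo.

```python
# Added example (not from the original post): flag oversized requests to
# ISAPI-handled extensions in IIS W3C extended log lines.
import os

# Extensions mapped to ISAPI DLLs on IIS 4/5. Assumption: .ida/.idq belong to
# Indexing Service (idq.dll) and .printer to Web-based printing (msw3prt.dll).
ISAPI_EXTENSIONS = {".ida", ".idq", ".printer"}

def parse_w3c(lines):
    """Yield one dict per request line, using the '#Fields:' header for names."""
    fields = None
    for line in lines:
        line = line.rstrip("\n")
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        parts = line.split(" ")
        if len(parts) != len(fields):
            continue  # malformed line; skip rather than misalign columns
        yield dict(zip(fields, parts))

def find_suspicious(lines, max_query=200):
    """Return (client ip, stem, reason) for requests that hit an ISAPI DLL
    with an abnormally long query string (threshold is a demo assumption)."""
    hits = []
    for rec in parse_w3c(lines):
        stem = rec.get("cs-uri-stem", "")
        query = rec.get("cs-uri-query", "-")
        ext = os.path.splitext(stem)[1].lower()
        if ext not in ISAPI_EXTENSIONS:
            continue
        if query != "-" and len(query) > max_query:
            hits.append((rec.get("c-ip"), stem, f"query length {len(query)} > {max_query}"))
    return hits

# Constructed sample log (W3C extended format); the first request mimics the
# Code Red probe shape: a long run of 'N' padding followed by %u-encoded bytes.
SAMPLE_LOG = [
    "#Software: Microsoft Internet Information Services 5.0",
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2001-07-19 10:15:02 10.0.0.5 GET /default.ida " + "N" * 224 + "%u9090%u9090 200",
    "2001-07-19 10:15:03 10.0.0.6 GET /index.html - 200",
    "2001-07-19 10:15:04 10.0.0.7 GET /NULL.printer - 404",
]

if __name__ == "__main__":
    for ip, stem, why in find_suspicious(SAMPLE_LOG):
        print(f"{ip} {stem}: {why}")
```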

Thursday, September 07, 2006

Download everything from Microsoft without WGA Check

When you want to download a file from Microsoft, a WGA (Windows Genuine Advantage) check is performed. Microsoft installs a small piece of software on your computer that contacts the Microsoft server and checks for validity. If the test fails you will not be able to download the file(s). The following method gives you the ability to download every file from Microsoft without a WGA check.

All you need is the tool mgadiag.exe and the download URL of the file that you want to download. Mgadiag.exe is the Microsoft Genuine Advantage Diagnostic Tool. Start this tool and check the value of the “Download Center Code”; it should be seven characters consisting of upper-case letters and numbers. Remember that code and open the website of the file that you want to download.

A download page looks similar to this one for Internet Explorer 7. All you need to do is append the following value to the URL and you will be able to download the file without a WGA check.

&Hash=”download center code”

Replace the “download center code” with the code that you looked up in the mgadiag.exe tool. This code changes frequently, so make sure you have the correct code before starting the downloads.

To sum it up:
  1. download mgadiag.exe
  2. start mgadiag.exe and look at the download center code
  3. visit a download page at
  4. append &Hash=”download center code” to the URL (example: &Hash=6VJPCR9), no quotation marks needed
  5. Hit enter

Microsoft is probably going to fix this soon, but it is working at the moment.

Wednesday, September 06, 2006

Free Web Proxy List

A web proxy is becoming more and more important on today's Internet. Schools and companies tend to block sites pretty quickly nowadays, especially when the blocking is directed at just a few websites and not every website in that category. Web proxies might be able to sneak past these policies and display the site in your browser even though it is banned on the network.

How do web proxies work?

A network bans a website either by its IP, its name or part of its name. A web proxy shows only its own address to the network, not the user's actual destination. The admin of the network will think everything is fine and you are free to reach the site that is banned. The only thing that might happen is that the admin bans the web proxy as well, but this is not a big deal either. Hundreds of web proxies exist; just switch to a new one and you are ready to visit the banned site again.

Set up your own Web Proxy:

Let us assume that all proxy websites have been banned on your network and you can't find a single web proxy that is still working. Your best choice is to create your own web proxy at an address that only you know. All you need is the PHP web proxy Poxy and some webspace with PHP to upload it to. Search Google for "free webspace php" and you should find some hosts that allow you to use PHP and upload your web proxy to them.

You can alternatively use a CGI web proxy, which needs webspace with CGI enabled.

Web Proxy List:

Please note that the list does not show whether the web proxy is able to handle scripts; I did not find a reliable way to test this for all languages out there, therefore it has not been added to the list. I also removed websites that loaded slowly, displayed errors or forced you to click on an ad before you could use the service.

It is quite likely that the name “proxy” has been banned as well, so try using web proxies that do not have "proxy" in their URL; this might help.

