Grandpa

Grandpa - 10.10.10.14

Target Enumeration:

OS: Windows

IP: 10.10.10.14

User: bdff5ec67c3cff017f2bedc146a5d869

Root: 9359e905a2c35f861f6a57cecf28bb7b

Ports / Services / Software Versions Running

80/tcp open http Microsoft IIS httpd 6.0

Vulnerability Exploited:

Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016. Original exploit by Zhiniang Peng and Chen Wu.

Exploiting the host:

Searchsploit results for IIS 6.0

Use windows/iis/iis_webdav_scstoragepathfromurl

Execute the exploit.

Collect your flags.