Grandpa
Grandpa - 10.10.10.14
Target Enumeration:
OS: Windows
IP: 10.10.10.14
User: bdff5ec67c3cff017f2bedc146a5d869
Root: 9359e905a2c35f861f6a57cecf28bb7b
Ports / Services / Software Versions Running
80/tcp open http Microsoft IIS httpd 6.0
Vulnerability Exploited:
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016. Original exploit by Zhiniang Peng and Chen Wu.
Exploiting the host:
Searchsploit results for IIS 6.0
Use windows/iis/iis_webdav_scstoragepathfromurl
Execute the exploit.
Collect your flags.
Last updated