You must have already heard about recently released 0day for Mircosoft IIS 5.0/6.0 .Well , I`m glad that I've started a project some times ago about gaining knowledge of Iranian`s public IP addresses .
So , in case you're curious how many _possible_ victims may be out there in Iran before I publicly release my paper about the entire analysis , below is a quick grep for your estimations :)
'microsoft ftp' represent IIS 6.0 Ftp , and 5.0 is clear . Since it`s not an intrusive kind of grep for now, I can not tell you how many of above numbers may be really affected since :
1-Vulnerability is NOT triggerable on default IIS (only 6.0 tested) because ~>
2-Exploiting this vulnerability require privileged (write) access on ftp and ~>
3-Even if anonymous access is allowed , it does NOT have write access by default, and ~>
4-Unrelated fact: exploiting IIS Ftpd 6.0 will lead to unprivileged code-exec since Windows 2003 is NOT running IIS as SYSTEM, like IIS 5.0 does .
So , in case you're curious how many _possible_ victims may be out there in Iran before I publicly release my paper about the entire analysis , below is a quick grep for your estimations :)
$>cat IRAN | grep -i "microsoft ftp" -c
914
$>cat IRAN | grep -i "microsoft ftpd 5" -c
62
[*Numbers updated,as I used the wrong source for grep at first]914
$>cat IRAN | grep -i "microsoft ftpd 5" -c
62
'microsoft ftp' represent IIS 6.0 Ftp , and 5.0 is clear . Since it`s not an intrusive kind of grep for now, I can not tell you how many of above numbers may be really affected since :
1-Vulnerability is NOT triggerable on default IIS (only 6.0 tested) because ~>
2-Exploiting this vulnerability require privileged (write) access on ftp and ~>
3-Even if anonymous access is allowed , it does NOT have write access by default, and ~>
4-Unrelated fact: exploiting IIS Ftpd 6.0 will lead to unprivileged code-exec since Windows 2003 is NOT running IIS as SYSTEM, like IIS 5.0 does .
No comments:
Post a Comment