RCE in Microsoft IIS 6.0 WebDAV ScStoragePathFromUrl
CVE-2017-7269 is a stack-based buffer overflow in the WebDAV service of Microsoft Internet Information Services (IIS) 6.0 on Windows Server 2003 R2. The flaw is in the ScStoragePathFromUrl function and is triggered by a crafted PROPFIND request containing an overly long If header beginning with "If: <http://". Successful exploitation allows a remote attacker to execute arbitrary code on the target system. The vulnerability has been exploited in the wild; BlackTech has used it to establish new HTTP or command-and-control (C2) servers.
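For defenders who still have IIS 6.0 hosts reachable over HTTP, the trigger shape described above (a PROPFIND request whose If header starts with "<http://" and is far longer than any legitimate WebDAV client would send) is simple to spot at a reverse proxy, WAF or IDS layer. The following Python is an added example written for this page, not code from Mallory or from any of the exploit repositories listed below; the length threshold MAX_IF_HEADER_LEN and all sample requests are constructed assumptions.

```python
"""Flag PROPFIND requests whose If header matches the CVE-2017-7269 trigger shape.

Added example for a proxy/IDS pre-filter. Inspects only the HTTP request head;
all sample requests below are constructed, not real captures.
"""

# Assumed threshold: legitimate WebDAV If headers carry a URI plus a lock token
# and stay well under this size. Tune it for your own environment.
MAX_IF_HEADER_LEN = 512


def parse_request_head(raw: bytes):
    """Split a raw HTTP/1.1 request head into (method, target, headers).

    headers maps lower-cased names to a list of values, since a header may
    repeat. Only the head (everything before the blank line) is parsed.
    """
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    request_line = lines[0].decode("latin-1", "replace").split(" ")
    method = request_line[0] if request_line else ""
    target = request_line[1] if len(request_line) > 1 else ""
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if not sep:
            continue  # malformed header line: skip it rather than crash the filter
        key = name.strip().lower().decode("latin-1", "replace")
        headers.setdefault(key, []).append(value.strip().decode("latin-1", "replace"))
    return method, target, headers


def check_if_header(raw: bytes) -> dict:
    """Return a verdict dict; 'suspicious' is True only for a PROPFIND whose
    If header both starts with '<http://' and exceeds MAX_IF_HEADER_LEN."""
    method, target, headers = parse_request_head(raw)
    reasons = []
    for value in headers.get("if", []):
        if value.startswith("<http://") and len(value) > MAX_IF_HEADER_LEN:
            reasons.append(
                f"If header starts with '<http://' and is {len(value)} bytes long"
            )
    suspicious = method.upper() == "PROPFIND" and bool(reasons)
    return {"method": method, "target": target, "suspicious": suspicious, "reasons": reasons}


# Constructed sample requests (hostnames and lock token are made up).
BENIGN_PROPFIND = (
    b"PROPFIND /docs/ HTTP/1.1\r\n"
    + b"Host: webdav.example.internal\r\n"
    + b"If: <http://webdav.example.internal/docs/> (<opaquelocktoken:constructed-token>)\r\n"
    + b"Content-Length: 0\r\n\r\n"
)

SUSPICIOUS_PROPFIND = (
    b"PROPFIND / HTTP/1.1\r\n"
    + b"Host: webdav.example.internal\r\n"
    + b"If: <http://webdav.example.internal/" + b"A" * 2000 + b">\r\n"
    + b"Content-Length: 0\r\n\r\n"
)

BENIGN_GET = b"GET /index.html HTTP/1.1\r\nHost: webdav.example.internal\r\n\r\n"


if __name__ == "__main__":
    for name, req in [("benign PROPFIND", BENIGN_PROPFIND),
                      ("suspicious PROPFIND", SUSPICIOUS_PROPFIND),
                      ("benign GET", BENIGN_GET)]:
        print(name, "->", check_if_header(req))
```

The check keys on the method as well as the header, so a stray long If header on a GET is reported in `reasons` but not marked suspicious. Note that IIS W3C extended logs do not record the If header by default, so this filter has to sit in front of the server (proxy, WAF or network sensor) rather than run over IIS log files after the fact.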
Are you exposed to this one?
Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.
Impact, mitigation & remediation
What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.
Impact
What an attacker gets, and what they’ve been doing with it.
Mitigation
If you can’t patch tonight, do this now.
Remediation
Patch, then assume compromise.
Exploits
9 valid exploits after Mallory filtered fakes, detection scripts, and README-only repos (3 hidden).
This repository is a Rust-based proof-of-concept exploit for CVE-2017-7269, a critical stack-based buffer overflow in Microsoft IIS 6.0's WebDAV extension (httpext.dll). The exploit targets the vulnerable ScStoragePathFromUrl function by sending a specially crafted HTTP PROPFIND request with an overly long If: header, causing a buffer overflow and hijacking execution flow. The main exploit logic is implemented in 'src/main.rs', which handles argument parsing, shellcode construction (either built-in reverse shell or user-supplied payload), and network communication with the target. The exploit establishes a TCP connection to the target's WebDAV service (default port 80), sends the malicious request, and delivers the shellcode. If successful, the exploit provides a reverse shell (cmd.exe) to the attacker's specified listener. The repository includes a README with detailed usage instructions and technical background. No hardcoded IPs or domains are present; all endpoints are user-supplied at runtime. The code is operational and demonstrates remote code execution, but is not part of a larger exploit framework.
This repository contains a Python proof-of-concept exploit (GenWebDavIISExploit.py) targeting a remote code execution vulnerability in the WebDAV component of Microsoft IIS 6.0. The exploit works by sending a specially crafted HTTP request containing custom shellcode to the target server. The shellcode is dynamically generated to connect back to an attacker-specified IP and port, providing a reverse shell with SYSTEM privileges. The exploit requires the attacker to provide the target's IP and port, as well as their own IP and port for the reverse connection. The README provides detailed usage instructions and example output, demonstrating successful exploitation and remote command execution. The repository is structured simply, with the main exploit script, a README, and a license file. No detection or scanning functionality is present; this is a direct exploitation tool.
This repository contains a pure Ruby exploit for CVE-2017-7269, a buffer overflow vulnerability in Microsoft IIS 6.0's WebDAV ScStoragePathFromUrl function. The main file, 'exploit.rb', is a standalone script that takes a target IP address, port, and a payload option as arguments. It constructs a malicious HTTP PROPFIND request with a crafted header to trigger the overflow and appends shellcode corresponding to the selected payload. Payloads include launching calc.exe, causing a BSOD, displaying a message box, executing arbitrary commands, or adding a new local administrator account. The exploit communicates directly with the target over TCP, sending the crafted HTTP request. The repository is structured simply, with the exploit code, a README describing usage, and standard license and gitignore files. No external framework is used; the exploit is self-contained and operational.
This repository contains a Python exploit script targeting CVE-2017-7269, a buffer overflow vulnerability in Microsoft IIS 6.0's WebDAV service. The repository consists of a README and a single exploit script ('iis6 reverse shell'). The script takes four arguments: the target IP and port (the vulnerable IIS 6.0 server), and the attacker's IP and port (to receive the reverse shell). It crafts a malicious HTTP request to trigger the buffer overflow and sends Windows shellcode that opens a reverse shell back to the attacker. The shellcode is embedded as a long byte string and is designed to execute 'cmd.exe' on the target. The exploit is operational and provides remote command execution if successful. No hardcoded endpoints are present; all network targets are supplied by the user at runtime.
This repository contains a Python exploit for CVE-2017-7269, a remote code execution vulnerability in Microsoft IIS 6.0 WebDAV. The repository consists of two files: a README.md with usage instructions and an exploit.py script. The exploit.py script takes a target URL as input, builds a crafted PROPFIND HTTP request containing a large payload and shellcode, and sends it to the target server over a raw TCP socket. The shellcode is embedded in the request and is intended to be executed on the vulnerable IIS 6.0 server, potentially granting remote code execution. The exploit is operational and requires the attacker to specify a vulnerable target. The script is self-contained and does not rely on any external frameworks.
This repository contains a C# exploit for CVE-2017-7269, a buffer overflow vulnerability in Microsoft IIS 6.0 WebDAV (ScStoragePathFromUrl). The main file, CVE-2017-7269.cs, is a command-line tool that allows an attacker to:
- Test if a target is vulnerable
- Upload a webshell (typically an ASP file) to a specified path on the server
- Execute arbitrary shellcode on the target
- Attempt to kill the target process
The tool is flexible, accepting various command-line parameters to specify the target URL, HTTP headers, webshell file and path, or shellcode file. The README.md provides build instructions and usage examples. The exploit works by sending a specially crafted HTTP request to the target IIS server, exploiting the buffer overflow to achieve code execution. The attack vector is network-based, requiring access to the target's HTTP(S) service. The exploit is operational, as it can deliver real payloads (webshell or shellcode) and is not just a proof of concept.
This repository contains a Python proof-of-concept exploit for CVE-2017-7269, a remote code execution vulnerability in Microsoft IIS 6.0 WebDAV. The main file, 'CVE-2017-7269_remote_echo.py', builds and sends a crafted PROPFIND HTTP request with embedded shellcode to a specified IP address and port. The shellcode is designed to trigger code execution on the vulnerable server. The exploit is operational and returns a response indicating success, making it suitable for verifying the vulnerability. The repository also includes a brief readme in Chinese, describing usage and linking to a technical analysis. No hardcoded IPs or domains are present; the target is specified via command-line arguments. The exploit is network-based and targets the HTTP/WebDAV service on the victim server.
This repository contains a Metasploit module (cve-2017-7269.rb) that exploits CVE-2017-7269, a buffer overflow vulnerability in the ScStoragePathFromUrl function of the WebDAV service in Microsoft IIS 6.0 (Windows Server 2003 R2). The exploit works by sending a specially crafted PROPFIND HTTP request with an overlong 'If: <http://' header, triggering the overflow and allowing remote code execution. The module allows the attacker to specify the physical path length and HTTP host, and delivers a customizable Metasploit payload (such as a reverse shell) to the vulnerable server. The README provides background on the vulnerability and usage notes, emphasizing that the exploit is to be used with Metasploit. The main code file is written in Ruby and is structured as a standard Metasploit exploit module, making it weaponized and easily customizable for different payloads and targets.
This repository contains a Metasploit exploit module for CVE-2017-7269, a buffer overflow vulnerability in the ScStoragePathFromUrl function of the WebDAV service in Microsoft IIS 6.0 (Windows Server 2003 R2). The exploit allows remote code execution by sending a specially crafted PROPFIND HTTP request with an overlong 'If' header. The module requires the attacker to specify the HTTP host header and the physical path length of the web root on the target server. The exploit delivers a customizable Meterpreter payload, providing a reverse shell to the attacker. The repository consists of a single Ruby exploit file (cve-2017-7269.rb) and a README.md with usage instructions and example configurations. The main attack vector is network-based, targeting the HTTP service on the vulnerable server. The exploit is operational and can be used to gain remote access to affected systems.
Affected products & vendors
Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.
Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.
Recent activity
3 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
A buffer overflow vulnerability in Microsoft IIS 6.0 used by BlackTech.
A buffer overflow vulnerability in Microsoft IIS 6.0 exploited to establish infrastructure such as HTTP/C2 servers.
A buffer overflow vulnerability in Microsoft IIS 6.0 exploited to establish infrastructure (HTTP/C2 server).
The version that knows your environment.
Query your assets running an affected version, and investigate the blast radius.
Every observed campaign linking this CVE to a named adversary.
Malware families riding this exploit, with evidence and IOCs.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Cross-references every affected SKU, including bundled OEM variants.
Community discussion across Reddit, Mastodon, and other social sources.