

Exploitation of the SSL PCT Overflow

Abstract
This document establishes a detailed scenario in which a given exploit is used to gain complete control of a targeted system. The attack is demonstrated in phases, which include intelligence gathering, network information disclosures, and a vulnerability assessment. The stages of the attack are described in depth, with heavy focus on avoiding intrusion detection sensors (IDS) and firewalls. All stages of this attack were performed in a simulated test lab environment configured to closely represent a live network. The vulnerability under discussion is the Microsoft IIS SSL PCT Overflow. Microsoft released security bulletin MS04-011, covering 14 vulnerabilities, on April 13, 2004. The IIS SSL PCT Overflow was included in this bulletin. A week later, an exploit for this vulnerability was released in the wild. Successful exploitation of this vulnerability gives Administrator-level shell access on a targeted system.
