Month: September 2009

5 Things You Might Not Know About Andrew Hay

I had an idea early this morning that may or may not work and may or may not have been attempted before. Frankly, if it has been done before, it hasn’t been done in a while so it’s time to kick it off again. In an effort to get to know more about my peers and friends I’m going to start the ball rolling on the “5 Things You Might Not Know About…” project. The rules:

  1. Create a blog post with the title “5 Things You Might Not Know About YOURNAME” (where YOURNAME is your first and last name).
  2. List 5 things that people may or may not know about you (it can be anything really).
  3. “Tag” 5 other people to do the same via the blog post, Twitter, Facebook, or all of the above.
  4. See what happens.

So here are the 5 Things You Might Not Know About Andrew Hay:

  1. At my 8th grade graduation ceremony the mother of one of my best friends thought that I was her son’s teacher.
  2. I was on the swim team in high school and made it to the city finals…whilst wearing a speedo.
  3. My wife got rid of my high school speedo and it took me 2 years to realize it was gone. Note: This explains why the threat of wearing my speedo out in public no longer fazed her.
  4. I am an avid Rugby Union fan and have never broken any of MY bones playing Rugby.
  5. I am a college dropout and do not have a degree or diploma.

Hopefully this gets the ball rolling. I’m going to tag the following people in the hopes that they join in on the insanity: Michael Santarcangelo, Justin Foster, Anton Chuvakin, Jennifer Jabbusch, and Erin Jacobs.

Microsoft IIS FTP 5.0 Remote SYSTEM Exploit Information and Video

Here is a great, and scary, blog post from the folks over at Offensive Security. It details how easy it is to own a fully patched Windows 2000 SP4 server that is vulnerable to the Microsoft IIS FTP 5.0 remote SYSTEM exploit. From the blog post:

A quick examination of the exploit showed some fancy manipulations in a highly restrictive environment that lead to a “useradd” type payload. The main issue was the relatively small payload size allowed by the SITE command, which was limited to around 500 bytes.

After a bit of tinkering around, we saw that the PASSWORD field would be most suitable to shove a larger payload (bindshell). A quick replacement of the original “user add” shellcode with a secondary encoded egghunter – and a bind shell was presented to us! I wonder how long this 0day has been around… As Rel1k would say to logan_WHD… “it’s OK, it’s OK…”.

The exploit can be downloaded from our exploit archive. To entertain the masses, we also made “Microsoft IIS 5.0 FTP 0 Day – The movie”.

The movie can be found here: http://www.offensive-security.com/videos/microsoft-ftp-server-remote-exploit/msftp.html
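
A defender's view of the staging described in the quoted post (a size-limited SITE command and a larger payload placed in the PASSWORD field), as an added example that is not from the original post or from Offensive Security: it reviews captured FTP control-channel lines and flags PASS and SITE arguments that are overlong or contain non-printable bytes. The function names, the length thresholds and the sample session are assumptions constructed for illustration.

```python
# Added example: heuristic review of FTP control-channel commands.
# Thresholds are assumptions for illustration, not values from the quoted post.
MAX_ARG_LEN = {b"PASS": 128, b"SITE": 256}  # assumed sane upper bounds per verb


def non_printable(arg: bytes) -> int:
    """Count bytes outside printable ASCII (0x20-0x7e)."""
    return sum(1 for b in arg if b < 0x20 or b > 0x7E)


def review_commands(lines):
    """Return (line_no, verb, reasons) for suspicious PASS/SITE commands."""
    findings = []
    for no, raw in enumerate(lines, start=1):
        line = raw.rstrip(b"\r\n")
        verb, _, arg = line.partition(b" ")
        verb = verb.upper()
        if verb not in MAX_ARG_LEN:
            continue  # only the two commands named in the post are reviewed
        reasons = []
        if len(arg) > MAX_ARG_LEN[verb]:
            reasons.append(f"argument {len(arg)} bytes > {MAX_ARG_LEN[verb]}")
        bad = non_printable(arg)
        if bad:
            reasons.append(f"{bad} non-printable bytes")
        if reasons:
            findings.append((no, verb.decode(), reasons))
    return findings


# Constructed sample session: filler bytes only, no real payload.
SAMPLE = [
    b"USER anonymous\r\n",
    b"PASS guest@example.com\r\n",
    b"SITE CHMOD 644 readme.txt\r\n",
    b"USER anonymous\r\n",
    b"PASS " + bytes([0xAA]) * 900 + b"\r\n",  # binary blob in the password
    b"SITE " + b"A" * 480 + b"\r\n",           # SITE argument near 500 bytes
]

if __name__ == "__main__":
    for no, verb, reasons in review_commands(SAMPLE):
        print(f"line {no}: {verb}: " + "; ".join(reasons))
```

The same checks can be applied at an FTP-aware proxy or IDS sensor, where the length limits should be tuned to what legitimate clients on the network actually send.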
