IIS CGI Filename Decode exploit v1.30 Vulnerability exploited: CVE-2001-0333 - BID-2708 Category: Exploits/Remote This module exploits a directory traversal vulnerability on the target host. After successful exploitation, this module executes a level0 agent as the unprivileged IUSR or IWAM user.This module creates multiple files in the remote machine that could not be deleted until the process that locks them exits. These files have the form cmdNNNN.exe, debugNNNN.scr, agentNNNN.exe, where NNNN is the port number that will be used by the deployed level 0 agent. The files cmdNNNN.exe and debugNNNN.exe are locked by an NTVDM process. The file agentNNNN.exe is the deployed level 0 agent and cannt be deleted until the agent is disconnected. Supported Systems: Windows NT4 Server - sp6 (i386) Windows NT4 Server - sp6a (i386) Windows NT4 Enterprise Server - sp6 (i386) Windows NT4 Enterprise Server - sp6a (i386) Windows 2000 Advanced Server - sp0 (i386) Windows 2000 Advanced Server - sp1 (i386) Windows 2000 Advanced Server - sp2 (i386) Windows 2000 Server - sp2 (i386) This module is included in the latest version of CORE IMPACT, the first automated comprehensive penetration testing product for accurately identifying information security risks. Click here to learn more about the product.