Whoppix has done it again. As recorded by the attacker, have a look at how easy it is to compromise a Windows 2000 server with an unpatched IIS5 implementation. Before you go and say “but Windows Server and IIS6 are out”, remember that so many people are still on Windows 2000. And that so many people are hanging these things after a default installation on the Internet.
If you wondered why I use Knoppix-STD for a lot of my pentest stuff, this is why. Check out the Whoppix video showing the attack using such tools. In this particular case, the attacker tunnels exploits through SSH (plink.exe) that is thrown up on the compromised Windows server.
[Dana Epp's ramblings at the Sanctuary]