Metasploit mailing list archives
SOME PENTISTING ROCK I HIT
From: chuksjonia at gmail.com (chuks Jonia)
Date: Mon, 28 Jul 2008 17:25:13 +0000
Hi guys. This is my first post. Hope u will help. I'm doing a pentest, i did a first one for the same company before and it was so successful, whereby the servers am testing are hosted in a data center away from the office of the clients. I helped them patch and to know where the holes are, then later they did an upgrade of all machines, and the holes were covered, i'm here again starting from scratch. They did manage to close most of the holes, but the trust relationships between office machines, the carecenter machines and the Data centre is overwhelming. I have been able to compromise the office server and some machines inside the LAN and i managed to get hold of the main box at the Data Centre, where the webserver is. The datacenter has five servers on public i.p but can only be reached by the trusted machines except for the public webserver. There are machines in the same datacenter that are connected using vlans behind the firewall. Now, the next machine i have compromised is a Database Server and i need to upload a web shell to a host on a different I.P. In Mysql, is there a way i can do it, if in localhost its possible, coz on the public webserver i was able since it has port 3306 open. What path should i use? Should i take it down like this, SELECT * INTO OUTFILE '/data/mysql/xxx.xxx.xxx.xxx/var/www/html/TranscationApps/shell.php' from chuks; ??? Though whenever i try i get an error ERROR 1 (HY000): Can't create/write to file '/data/mysql/xxx.xxx.xxx.xxx/var/www/html/TranscationApps/shell.php' (Errcode: 2) Where am i going wrong? Please give me some ideas. I have another problem too, but i hope someone gets me some ideas on this first. Thanks in Advance /Chuks
Current thread:
- SOME PENTISTING ROCK I HIT chuks Jonia (Jul 28)
- Message not available
- SOME PENTISTING ROCK I HIT chuks Jonia (Jul 28)
- SOME PENTISTING ROCK I HIT H D Moore (Jul 28)
- SOME PENTISTING ROCK I HIT chuks Jonia (Jul 28)
- Message not available