NT information leakage

["Ismael Valenzuela" <i.valenzuela () topfutbol com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello. I am conducting a pentest for company using IIS in its web
server. I've successfully exploited the MSDAC RDS bug, so I can
navigate through its hard disk using the command cmd.exe, but with
restricted rights. I can not get the sam._ file in \winnt\repair for
example.

I would like someone to tell me which files in the NT box can show me
information about the servers in the same subnet, applications
installed, and any other important information.

Is there any way to get admin rights through this bug i've exploited
?

There's also a CheckPoint FW-1 in front of the web server, but it
doesn't filter de port 80, obviously :)

Thanks in advance.

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.1

iQA/AwUBO1aSEMqrlGPrxreCEQJrPQCgx38IvrGlCHB/9cUmzhwBE+JupRcAoOVB
R0Z0fS1Ku2FbeuySX+bdxngw
=ei6y
-----END PGP SIGNATURE-----



----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/