Penetration Testing mailing list archives
Re: NT information leakage
From: todd <todd () ubermother net>
Date: Sun, 22 Jul 2001 21:04:19 -0400
i thought redirection ( the '>' and ">>" operators) only woked if you copied cmd.exe to a directory under WEBROOT. no? todd[1] On Sunday 22 July 2001 16:07, you wrote:
you can always just run commands like ipconfig /all > c:\intetpub\wwwroot\info.txt -and- dir c:\ /s >> c:\intetpub\wwwroot\info.txt -and- net view >> c:\intetpub\wwwroot\info.txt Have some fun and try diffrent things then point your browser at http://server/ipinfo.txt -mdb ----Original Message Follows---- From: "Ismael Valenzuela" <i.valenzuela () topfutbol com> To: "Penetration Testing (E-mail)" <PEN-TEST () securityfocus com> Subject: NT information leakage Date: Thu, 19 Jul 2001 09:53:55 +0200 Hello. I am conducting a pentest for company using IIS in its web server. I've successfully exploited the MSDAC RDS bug, so I can navigate through its hard disk using the command cmd.exe, but with restricted rights. I can not get the sam._ file in \winnt\repair for example. I would like someone to tell me which files in the NT box can show me information about the servers in the same subnet, applications installed, and any other important information. Is there any way to get admin rights through this bug i've exploited ? There's also a CheckPoint FW-1 in front of the web server, but it doesn't filter de port 80, obviously :) Thanks in advance. -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.1 iQA/AwUBO1aSEMqrlGPrxreCEQJrPQCgx38IvrGlCHB/9cUmzhwBE+JupRcAoOVB R0Z0fS1Ku2FbeuySX+bdxngw =ei6y -----END PGP SIGNATURE----- _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp --------------------------------------------------------------------------- - This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Re: NT information leakage Mike Brentlinger (Jul 22)
- Re: NT information leakage todd (Jul 22)