Penetration Testing mailing list archives

Re: IIS & w2k

From: Tom Fischer <Tom.Fischer () rus uni-stuttgart de>
Date: Mon, 4 Jun 2001 21:54:56 +0200

Hi,

On Mon, Jun 04, 2001 at 09:49:05AM -0500, Luis Javier Perez wrote:

I'm actually doing a pt, and i'm facing a trouble, the scenario has a web
server with w2k and iis 5.0, now i have put netcat listening on port 99 and
i can browse files and stuff like that but i need to scale privileges, i
tried hk but it fails.. is there something like hk for win2k???

elevation of previleges on Windows 2000:
- MS00-053 (Service Control Manager Named Pipe Impersonation)
  exploitcode (adds the current user to the local administrator group)
  is available (pipeupadmin)
- MS01-007 (Network DDE Agent Request ...)
  proof of concept code available (http://www.atstake.com)
- Gunsiki #45 (Elevation of privileges with debug registers on Win2K)
  proof of concept code (http://www.guninski.com/dr07.html)
...

ciao,
Tom Fischer

Current thread:

IIS & w2k Luis Javier Perez (Jun 04)
- Re: IIS & w2k Tom Fischer (Jun 05)
- <Possible follow-ups>
- RE: IIS & w2k Read, Greg (Jun 04)
- RE: IIS & w2k Yonatan Bokovza (Jun 04)
- Re:IIS & w2k renato.ettisberger (Jun 05)