Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

RE: HTTP PUT exploitation

From: Olasupo Lawal <lawal () lineone net>
Date: Sat, 29 Sep 2001 11:43:55 -0600
There area number of things you can do. You can upload cmdasp.asp to the any
folder within the web root which you can pretty much reach through your
browser. One very good folder that I normally use is the images folder.
Cmdasp.asp will give you command line access to the web server using your
browser, giving you the ability to execute commands. The advantage of this
is that if the web server is behind a firewall, then port 80 may most likely
be the only port allowed through to the web server through the firewall. In
this scenario, the firewall cannot protect the mis-configured web server.
However if the web server is not behind a firewall, you may consider loading
a small telnet server like icmd.exe unto the web server, but then you will
still need to start the telnet server on a chosen port, giving you normal
telnet access to the server. icmd.exe enables you to put a password, but it
may not be advisable to run it for too long as it supports multiple sessions
and another attacker may get command line access to the server if they can
crack the password, meaning in the process of testing the web server, the
web server may be hacked. There may legal implications so you may want to
exercise some caution in using a tool like icmd.exe. Hope this information
helps.

regards
Ola

-----Original Message-----
From: Tim Russo [mailto:trusso () wireguided com]
Sent: Friday, September 28, 2001 2:03 PM
To: pen-test () securityfocus com
Subject: HTTP PUT exploitation


Quick question. I have a client who has a misconfigured IIS server (that's
new) which allows anyone to do HTTP PUT commands and place files on the www
server. Is exploiting this as simple as "putting" something like netcat in
the cgi-bin directory and running it with the port listen options? What if
you cannot place files in the cgi-bin directory? How can I use PUT to get a
shell on this system? I know this is a basic question but this is the first
time I found someone has actually done this.

-Tim


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/



----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Previous By Date Next
Previous By Thread Next

Current thread: