Penetration Testing mailing list archives
Re: escalating IUSR to admin rights via unicode and iis4
From: Jeanette LaRosa <bluehonda () att net>
Date: 11 Jul 2002 21:46:50 -0000
In-Reply-To: <200207091718.g69HIFI92011 () mailserver4 hushmail com> Upload the cmdasp script from Maceo to the victim server. It will give you a form interface to submit commands that will run as SYSTEM on IIS4. You used to be able to download it from http://www.dogmile.com/files, but this site seems to have disappeared. (Anyone know if Maceo has a new site?) You should be able to cut and paste the code from here: http://www.securiteam.com/tools/CmdAsp_asp_checks_your _last_line_of_defense.html JL ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- escalating IUSR to admin rights via unicode and iis4 ewvtwvi (Jul 11)
- Re: escalating IUSR to admin rights via unicode and iis4 Bill Pennington (Jul 11)
- Re: escalating IUSR to admin rights via unicode and iis4 Daniel Polombo (Jul 30)
- <Possible follow-ups>
- Re: escalating IUSR to admin rights via unicode and iis4 Jeanette LaRosa (Jul 11)
- Re: escalating IUSR to admin rights via unicode and iis4 juan . francisco . falcon (Jul 11)
- RE: escalating IUSR to admin rights via unicode and iis4 French, Dave (Jul 12)
- Re: escalating IUSR to admin rights via unicode and iis4 Bill Pennington (Jul 11)