Penetration Testing mailing list archives

Re: Pen on IIS with webroot not on C

From: Nicolas Gregoire <ngregoire () exaprobe com>
Date: 12 Mar 2003 23:47:15 +0100

On Wed, 2003-03-12 at 10:54, A. Caruso wrote:

Most of the tools depend on the default install of IIS with webroot on
c:.  I've moved webroot to d: on my toybox and haven't been able to 
jump back to c: to get a shell (cmd).  Does anyone know of a mechanism
to "jump" file systems.

From unicoder.pl :

 
my @cdirs = qw (/scripts/ /msadc/ /iisadmpwd/ /_vti_bin/ /exchange/
/cgi-bin/ /pbserver/ /);

So, we're here looking for some common directories, often located on the
C: and whith the "exec" flag. And you need to find a directory located
on a filesystem with interesting binaires, like cmd.exe

You can't swap from disk to disk, because you're exploiting a "directory
transversal sploit", and there's no root directory (aka /) in the
Windows world.


Regards, 
-- 
Nicolas Gregoire ----- Consultant en Sécurité des Systèmes d'Information
ngregoire () exaprobe com ------[ ExaProbe ]------ http://www.exaprobe.com/
PGP KeyID:CA61B44F  FingerPrint:1CC647FF1A55664BA2D2AFDACA6A21DACA61B44F

Attachment: signature.asc
Description: This is a digitally signed message part

Current thread:

Pen on IIS with webroot not on C A. Caruso (Mar 12)
- Re: Pen on IIS with webroot not on C Javier Fernandez-Sanguino (Mar 13)
- Re: Pen on IIS with webroot not on C Nicolas Gregoire (Mar 13)
- <Possible follow-ups>
- Re: Pen on IIS with webroot not on C Chris McNab (Mar 13)