Penetration Testing mailing list archives
RE: How to get a reverse Shell / VNC from a writable directory on a remote web server.
From: Irene Abezgauz <irene.abezgauz () gmail com>
Date: Fri, 5 Aug 2005 22:33:14 +0200
Just how writeable is writeable? Can you upload anything of anything or are you limited? Can you execute things from the dir? Is it limited by the server? What server is it? Maybe it has a few other vulnerabilities that will be easier to exploit. In cases like this I usually upload netcat and take it from there. The main problem is that it's not trivial because you can't really upload binaries easily with the PUT method, so you need to upload a non-binary version and then find a way to make it useable. More detail will help in this case. Btw, questions like this are better to be asked at webappsec () securityfocus com which is more web oriented. Irene Irene Abezgauz Application Security Consultant Hacktics Ltd. Mobile: +972-54-6545405 Web: www.hacktics.com -----Original Message----- From: AsTriXs [mailto:astrixs () gmail com] Sent: Friday, August 05, 2005 1:03 PM To: pen-test () securityfocus com Subject: How to get a reverse Shell / VNC from a writable directory on a remote web server. Hi, I have found a few writable directories on a remote web server on which I am doing a Pen-Test. How do I setup a reversell of a VNC from this stage? What tools can I use? Does Metasploit provide an option? What would be the procedure to achieve the same? Thanks, -- [AsTriXs] ------------------------------------------------------------------------ ------ FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't Learn the hacker's secrets that compromise wireless LANs. Secure your WLAN by understanding these threats, available hacking tools and proven countermeasures. Defend your WLAN against man-in-the-Middle attacks and session hijacking, denial-of-service, rogue access points, identity thefts and MAC spoofing. Request your complimentary white paper at: http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801 ------------------------------------------------------------------------ ------- -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.338 / Virus Database: 267.10.1/64 - Release Date: 8/4/2005 -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.338 / Virus Database: 267.10.1/64 - Release Date: 8/4/2005 ------------------------------------------------------------------------------ FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't Learn the hacker's secrets that compromise wireless LANs. Secure your WLAN by understanding these threats, available hacking tools and proven countermeasures. Defend your WLAN against man-in-the-Middle attacks and session hijacking, denial-of-service, rogue access points, identity thefts and MAC spoofing. Request your complimentary white paper at: http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801 -------------------------------------------------------------------------------
Current thread:
- How to get a reverse Shell / VNC from a writable directory on a remote web server. AsTriXs (Aug 05)
- Re: How to get a reverse Shell / VNC from a writable directory on a remote web server. Ricardo Mourato (Aug 06)
- RE: How to get a reverse Shell / VNC from a writable directory on a remote web server. Irene Abezgauz (Aug 06)
- Re: How to get a reverse Shell / VNC from a writable directory on a remote web server. H D Moore (Aug 06)
- Re: How to get a reverse Shell / VNC from a writable directory on a remote web server. Maarten Hartsuijker (Aug 06)