Penetration Testing mailing list archives
clue on shell
From: "Ricardo Mourato" <ricardomcm () gmail com>
Date: Mon, 5 Jan 2009 18:59:15 +0000
i pentesting people, i've got a shell in a customers server, using an webapp bug (eval() is evil()) :) the server seems to run windows 2003 server, it's known that IIS6 "had many security improvments", such as disabling the cmd.exe for the IIS user, that's why i have used the old fashion "command.com" and voila, i've got a shell, but it is very limited, i'm trying to upload some programs, in order to get a better shell and get admin rights, btw the server is also running plesk control panel , should i try this in a possible way to get admin? i know that sqlninja can upload files in debug script, i also thinked about that i could echo "hex stuff" into %TEMP%/nc.scr for example does anybondy knows how convert a binary in debug script? tnks.
Current thread:
- clue on shell Ricardo Mourato (Jan 05)
- Re: clue on shell Robin Wood (Jan 06)
- Re: clue on shell ArcSighter Elite (Jan 06)
- Re: clue on shell Ricardo Mourato (Jan 06)
- Re: clue on shell Robin Wood (Jan 06)
- Re: clue on shell Christophe Kiciak (Jan 06)
- Re: clue on shell rajat swarup (Jan 06)
- Re: clue on shell Joshua Gimer (Jan 07)
- Re: clue on shell ArcSighter Elite (Jan 08)
- Re: clue on shell NeZa (Jan 08)
- Message not available
- Re: clue on shell Anthony Cicalla (Jan 09)
- Re: clue on shell Robin Wood (Jan 06)