Penetration Testing mailing list archives

Re: clue on shell


From: NeZa <danuxx () gmail com>
Date: Thu, 8 Jan 2009 00:24:53 -0600

Hi,

Taking into consideration that you already know how to upload
files!!!!! I mean through tftp or a php program and so on.....
In my experience, what I did in the past is to upload a new copy of the
cmd.exe file to the server (taking care to use the same W2K3 version and
Service Pack so that it can get executed) in a writable directory,
and obviously the owner of this file is IUSR_Machine so you can
execute it, then upload a Windows netcat version, then execute a reverse
shell with netcat through my cmd.exe binary file and get a remote
shell!!!

Maybe your reverse shell might need to make a port 80 connection to the
outside so that you do not get filtered by the firewall!!!!

My two cents!!!!!

On Tue, Jan 6, 2009 at 6:13 PM, Joshua Gimer <jgimer () gmail com> wrote:
> On Mon, Jan 5, 2009 at 11:59 AM, Ricardo Mourato <ricardomcm () gmail com> wrote:
>> I've got a shell, but it is very limited. I'm trying to upload some
>> programs in order to get a better shell and get admin rights
>
> You could also start the telnet service:
>
> sc start TlntSvr
>
> or
>
> net start TlntSvr
>
> Just be careful when performing your tests that you do not weaken the
> security posture of the system too much; the point is to determine
> high risk areas, not create them.
>
> --
> Thx
> Joshua Gimer






-- 
Daniel Regalado aka NeZa
Hacker Wanna Be from Nezahualcoyotl

www.macula-group.com
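
From the defender's side, the activity discussed in this thread leaves recognisable process-creation traces. The script below is an added example, not part of the original posts: it triages constructed records, and the record fields, the host name WEB01 and the directory paths are assumptions.

```python
import ntpath
import re

# Assumed default system directories on the monitored host.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# The two service-start commands quoted in the thread.
TELNET_START = re.compile(r"\b(sc|net)(\.exe)?\s+start\s+tlntsvr\b", re.I)

def findings(event):
    """Return the reasons a process-creation record deserves review."""
    image = ntpath.normcase(event["image"])          # lower-case, backslashes
    name, folder = ntpath.basename(image), ntpath.dirname(image)
    account = event["user"].rsplit("\\", 1)[-1].upper()  # drop DOMAIN\ prefix
    reasons = []
    if name == "cmd.exe" and folder not in SYSTEM_DIRS:
        reasons.append("cmd.exe running from outside the system directory")
    if account.startswith("IUSR_") and folder not in SYSTEM_DIRS:
        reasons.append("IIS anonymous account ran a binary from a non-system path")
    if TELNET_START.search(event["cmdline"]):
        reasons.append("Telnet service start requested")
    return reasons

def triage(events):
    """Return (image, reasons) for every record with at least one finding."""
    return [(e["image"], r) for e in events if (r := findings(e))]

# Constructed sample records (hypothetical field names, host and paths).
SAMPLE_EVENTS = [
    {"image": r"C:\WINDOWS\system32\cmd.exe", "user": r"WEB01\Administrator",
     "cmdline": "cmd.exe"},
    {"image": r"C:\Inetpub\wwwroot\uploads\cmd.exe", "user": "IUSR_WEB01",
     "cmdline": "cmd.exe"},
    {"image": r"C:\WINDOWS\system32\sc.exe", "user": r"WEB01\IUSR_WEB01",
     "cmdline": "sc start TlntSvr"},
    {"image": r"C:\Inetpub\wwwroot\uploads\nc.exe", "user": "IUSR_WEB01",
     "cmdline": "nc.exe"},
]

if __name__ == "__main__":
    for image, reasons in triage(SAMPLE_EVENTS):
        print(image, "->", "; ".join(reasons))
```

The same conditions translate directly into rules for whatever process-audit or EDR telemetry the web server already produces.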


