Penetration Testing mailing list archives
Re: clue on shell
From: "Anthony Cicalla" <anthony.cicalla () gmail com>
Date: Thu, 8 Jan 2009 08:48:39 -0800
1) setup ftp with vncsetup.exe for download. 2) start vnc on your computer with ports open for ftp and vnc over port 80 3) ftp connect to your server and get the vncserversetup.exe 4) use net use and create a user 5) add user to administrators group 6) use runas and run that vncserversetup.exe as the user you created 7) start vnc via commandline to connect out to your vnc listener 8) now you have remote visual control of that box On Mon, Jan 5, 2009 at 10:59 AM, Ricardo Mourato <ricardomcm () gmail com> wrote:
i pentesting people, i've got a shell in a customers server, using an webapp bug (eval() is evil()) :) the server seems to run windows 2003 server, it's known that IIS6 "had many security improvments", such as disabling the cmd.exe for the IIS user, that's why i have used the old fashion "command.com" and voila, i've got a shell, but it is very limited, i'm trying to upload some programs, in order to get a better shell and get admin rights, btw the server is also running plesk control panel , should i try this in a possible way to get admin? i know that sqlninja can upload files in debug script, i also thinked about that i could echo "hex stuff" into %TEMP%/nc.scr for example does anybondy knows how convert a binary in debug script? tnks.
-- Anthony,
Current thread:
- Re: clue on shell, (continued)
- Re: clue on shell Robin Wood (Jan 06)
- Re: clue on shell ArcSighter Elite (Jan 06)
- Re: clue on shell Ricardo Mourato (Jan 06)
- Re: clue on shell Robin Wood (Jan 06)
- Re: clue on shell Christophe Kiciak (Jan 06)
- Re: clue on shell rajat swarup (Jan 06)
- Re: clue on shell Joshua Gimer (Jan 07)
- Re: clue on shell ArcSighter Elite (Jan 08)
- Re: clue on shell NeZa (Jan 08)
- Message not available
- Re: clue on shell Anthony Cicalla (Jan 09)
- Re: clue on shell Robin Wood (Jan 06)
- Re: clue on shell Anthony Cicalla (Jan 09)