Vulnerability Development mailing list archives
Re: dos commands via iis 4 (TFTP)
From: MadHat <madhat () UNSPECIFIC COM>
Date: Wed, 15 Nov 2000 10:52:42 -0600
Lincoln Yeoh wrote:
At 12:25 PM 13-11-2000 -0600, MadHat wrote:So after this, there is a port open (22 in this case as many admins will leave this open for SSH, but this is an NT box, which as we know rarely has SSH running on it) that I can telnet to and have a command prompt.How about port 80? Most firewalls would allow arbitrary stuff through to that server on port 80, since it's already a webserver.
To do that you have to kill the web server, and if something like BigBrother or WhatsUp is running, it has the chance to bind to the port first and then the shell and all access is gone. ANd if you get to it first, the BB or WU will alert people that the web server is down. It just depends on the goal. You could use any port you see as working, depending on how ACLs and firewalls are set up infront of the target. BTW, someone else asked about the tftp issue of having it blocked by ACLs, well, you can also look for directories on the web server that have bad permissions and try using a PUT through http, or possibilly an upload script. I have found a site or two that had an upload script on it and with the UNICODE and the type command I was able to find where the file was stored, then just use the upload script to move the file over and... you are there again. I am sure there are other options as well, this is just what I have found in minimal testing. -- MadHat at unspecific.com "The 3 great virtues of a programmer: Laziness, Impatience, and Hubris." --Larry Wall
Current thread:
- Re: dos commands via iis 4 (TFTP) Loschiavo, Dave (Nov 11)
- Re: dos commands via iis 4 (TFTP) MadHat (Nov 14)
- Re: dos commands via iis 4 (TFTP) dsbelile (Nov 15)
- Re: dos commands via iis 4 (TFTP) Lincoln Yeoh (Nov 15)
- Re: dos commands via iis 4 (TFTP) MadHat (Nov 16)
- Re: dos commands via iis 4 (TFTP) Lincoln Yeoh (Nov 16)
- Re: dos commands via iis 4 (TFTP) Matt Zimmerman (Nov 16)
- Re: dos commands via iis 4 (TFTP) Bluefish (P.Magnusson) (Nov 16)
- Re: dos commands via iis 4 (TFTP) MadHat (Nov 16)
- Re: dos commands via iis 4 (TFTP)-NETBIOS booboo (Nov 16)
- Re: dos commands via iis 4 (TFTP)-NETBIOS MadHat (Nov 16)
- Re: dos commands via iis 4 (TFTP)-NETBIOS booboo (Nov 18)
- Re: dos commands via iis 4 (TFTP)-NETBIOS Paul Cardon (Nov 19)
- Re: dos commands via iis 4 (TFTP)-NETBIOS Illes Marci (Nov 21)
- Re: dos commands via iis 4 (TFTP)-NETBIOS Paul Cardon (Nov 22)
- Re: dos commands via iis 4 (TFTP) MadHat (Nov 14)