Vulnerability Development mailing list archives
Re: dos commands via iis 4 (TFTP)
From: Lincoln Yeoh <lyeoh () POP JARING MY>
Date: Thu, 16 Nov 2000 09:20:09 +0800
At 10:52 AM 15-11-2000 -0600, MadHat wrote:
Lincoln Yeoh wrote:At 12:25 PM 13-11-2000 -0600, MadHat wrote:So after this, there is a port open (22 in this case as many admins will leave this open for SSH, but this is an NT box, which as we know rarely has SSH running on it) that I can telnet to and have a command prompt.How about port 80? Most firewalls would allow arbitrary stuff through to that server on port 80, since it's already a webserver.To do that you have to kill the web server, and if something like BigBrother or WhatsUp is running, it has the chance to bind to the port
I seem to recall that you could hijack port 80, or even 139 on windows machines, without bringing down the service. And you can do that with netcat. e.g. nc -L -s interface.ip.address.here -p 80 I haven't checked to see if that feature has been fixed in the latest service packs. If it's not fixed, or it's fixed using some obscure hotfix, then I figure the chances are good :). And after you're done, kill your netcat and things are back to normal. Cheerio, Link.
Current thread:
- Re: dos commands via iis 4 (TFTP) Loschiavo, Dave (Nov 11)
- Re: dos commands via iis 4 (TFTP) MadHat (Nov 14)
- Re: dos commands via iis 4 (TFTP) dsbelile (Nov 15)
- Re: dos commands via iis 4 (TFTP) Lincoln Yeoh (Nov 15)
- Re: dos commands via iis 4 (TFTP) MadHat (Nov 16)
- Re: dos commands via iis 4 (TFTP) Lincoln Yeoh (Nov 16)
- Re: dos commands via iis 4 (TFTP) Matt Zimmerman (Nov 16)
- Re: dos commands via iis 4 (TFTP) Bluefish (P.Magnusson) (Nov 16)
- Re: dos commands via iis 4 (TFTP) MadHat (Nov 16)
- Re: dos commands via iis 4 (TFTP)-NETBIOS booboo (Nov 16)
- Re: dos commands via iis 4 (TFTP)-NETBIOS MadHat (Nov 16)
- Re: dos commands via iis 4 (TFTP)-NETBIOS booboo (Nov 18)
- Re: dos commands via iis 4 (TFTP)-NETBIOS Paul Cardon (Nov 19)
- Re: dos commands via iis 4 (TFTP)-NETBIOS Illes Marci (Nov 21)
- Re: dos commands via iis 4 (TFTP)-NETBIOS Paul Cardon (Nov 22)
- Re: dos commands via iis 4 (TFTP) MadHat (Nov 14)
- Re: dos commands via iis 4 (TFTP) Lincoln Yeoh (Nov 16)