PaulDotCom mailing list archives
Re: with full read access what would you read
From: Ryan Sears <rdsears () mtu edu>
Date: Tue, 2 Nov 2010 14:00:05 -0400 (EDT)
So what do you usually use to find LFIs, Robin? Just a custom script with a wordlist that holds a bunch of iterations of ..\boot.ini? Also I wonder if you can read from the pipe filesystem... \\.\ or possibly a network address for that matter, then you have an RFI :)

You also may want to check out Dan Crowley on Windows file pseudonyms, it's a very interesting read, and might help here.

http://download.coresecurity.com/corporate/attachments/Windows%20File%20Pseudonyms%20Dan%20Crowley%20Shmoocom%202010.pdf

Although if it just has a construction page, how did you even find an injectable parameter? Google enumeration?

Thanks,

(And I gotta say your work with the interceptor == freaking amazing! I can't wait to get my Fon+)

Ryan Sears

----- Original Message -----
From: "Robin Wood" <robin () digininja org>
To: "PaulDotCom Mailing List" <pauldotcom () mail pauldotcom com>
Sent: Tuesday, November 2, 2010 12:52:46 PM GMT -05:00 US/Canada Eastern
Subject: [Pauldotcom] with full read access what would you read

On a recent test I found a website with a directory traversal attack that let me read any file. The server was Win 2003 and I read the obvious win.ini and boot.ini. I then read the Administrator's desktop.ini to prove I could. I tried but couldn't read the registry files (not expected but worth trying).

The web server was an unusual one, part of an app, so I couldn't find the web root. The IIS web root just had an "Under Construction" file in it so nothing interesting in there.

So, without being able to do directory listings to see what is there, what files would you read on this box and why?

Robin
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
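
A defensive counterpart to the inputs discussed in this thread, as an added example that is not part of the original messages: a check a file-serving handler could run before opening a user-supplied name, rejecting ..\ sequences, \\.\ device paths and network (UNC) paths, plus a few well-known Windows filename aliases. The function names and the sample inputs are assumptions constructed for illustration.

```python
import ntpath  # Windows path rules, importable on any OS
import re

# Reserved DOS device names resolve in any directory, even with an extension.
_DOS_DEVICE = re.compile(r"^(con|prn|aux|nul|com[1-9]|lpt[1-9])(\..*)?$", re.I)

def reject_reason(user_path):
    """Return why user_path is unsafe as a relative file name, else None."""
    p = user_path.replace("/", "\\")
    if "\x00" in p:
        return "NUL byte"
    if p.startswith("\\\\"):
        # \\.\ and \\?\ device namespaces, and \\host\share network paths
        return "device or UNC path"
    if ntpath.splitdrive(p)[0] or p.startswith("\\"):
        return "drive or rooted path"
    if ":" in p:
        return "stream syntax"  # e.g. name::$DATA
    for part in p.split("\\"):
        if part == "..":
            return "parent traversal"
        if part != "." and part != part.rstrip(". "):
            return "trailing dot or space"  # Win32 strips these silently
        if _DOS_DEVICE.match(part):
            return "DOS device name"
        if re.search(r"~\d", part):
            return "possible 8.3 short name"  # conservative: may over-reject
    return None

def resolve_under_root(root, user_path):
    """Return the normalized path inside root, or raise ValueError."""
    reason = reject_reason(user_path)
    if reason:
        raise ValueError(reason)
    root = ntpath.normpath(root)
    full = ntpath.normpath(ntpath.join(root, user_path))
    # Defence in depth: confirm containment again after normalization.
    if not full.lower().startswith(root.lower() + "\\"):
        raise ValueError("escapes root")
    return full

if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real request log.
    for s in [r"..\..\boot.ini", r"\\.\pipe\example", r"\\203.0.113.5\share\x",
              "web.config::$DATA", "nul.txt", "docs/help.txt"]:
        print(f"{s!r:32} -> {reject_reason(s) or 'ok'}")
```

Rejecting on the raw string and then re-checking containment after normalization means an alias that slips past one test still has to land inside the root to be served.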
Current thread:
- with full read access what would you read Robin Wood (Nov 02)
- Re: with full read access what would you read Tim Krabec (Nov 02)
- Re: with full read access what would you read Ryan Sears (Nov 02)
- Re: with full read access what would you read Robin Wood (Nov 03)
- Re: with full read access what would you read Bill Swearingen (Nov 02)
- Re: with full read access what would you read Michael Dickey (Nov 03)
- Re: with full read access what would you read Robin Wood (Nov 08)
- <Possible follow-ups>
- Re: with full read access what would you read d4ncingd4n (Nov 02)
- Re: with full read access what would you read Robin Wood (Nov 03)