cmdasp.asp & unicode

[Mike Ahern <mc_ahern () yahoo com>]

Q.) ...Why cant i delete the files i have uploaded to
c:\inetpub\scripts? The user SIVAC should be
allowed... if i can write in the directory i should be
allowed to delete too...

A.) Based on what I have had to do in the past...
Chances are either you need to run the attrib command
from the command line prior to trying to delete the
file:

attrib -r -h -s <filename>


or the file is in use:

for example, netcat has a connection open and so you
can't delete it while it is in use.

You should be able to use the unicode strings from a
browser directly to accomplish what you want to do
(i.e. delete certain files), or from a remote shell:

My advice, forget using cmdasp at this point. It's
just a quick and simple way to get things going, not
some place you should stay during all your pentest
efforts. Hopefully you have been able to get a remote
shell via netcat, or via similar software. It's alot
cleaner and nicer to work interactively from the shell
than from using a browser or script to execute
commands once you get that far. Tho for quick and
dirty things, and if it serves your purposes, who
cares?? Use what works for you!


 - Mike






__________________________________________________
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/