Penetration Testing mailing list archives

Re: pen testing iis 5


From: Reverend Lola <reverend_lola () yahoo com>
Date: Thu, 21 Jun 2001 16:12:47 -0700 (PDT)

-----Original Message-----
From: ExpLiciT
[mailto:evablunted () freemail absa co za]
Sent: Monday, June 18, 2001 2:31 AM
To: Penetration Testing (E-mail)
Subject: pen testing iis 5


Greetings.
I am pen-testing IIS 5 [no hotfixes] running in WinNT 4.0 with no fixes.
At this point I want to upload a file to the box [nc.exe] and then I will
definitely have the box.  How can I go about doing this?

There are several ways you can do this.  One trick
I've used on pen-tests before:  

Put nc.exe on an FTP server somewhere.  Use the old
Unicode vulnerability to run DOS commands on the
target IIS box, and create a text file containing an
FTP script (the script should make the server connect
to the FTP server and download nc.exe).  Then get IIS
to run the FTP script, and you're done.  


Hope this helps, 

Reverend Lola
The Titanium Sheep
Provider of Steel Wool
Defender of the Fleeceless


Thanks

--ExpLiciT
      'Firewalls are speed bumps not brick walls'
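
For defenders reviewing web server logs for the technique this reply describes, the following is an added example and not part of the original thread. It assumes the "Unicode vulnerability" refers to non-shortest-form (overlong) UTF-8 encodings of path characters in the request URI; the log lines, field layout and function names are constructed for illustration.

```python
from urllib.parse import unquote_to_bytes

# Constructed sample lines (fields: date time c-ip cs-method cs-uri-stem sc-status).
SAMPLE_LOG = """\
2001-06-21 16:10:01 192.0.2.10 GET /default.asp 200
2001-06-21 16:10:05 192.0.2.10 GET /caf%c3%a9/menu.htm 200
2001-06-21 16:11:12 198.51.100.7 GET /site/..%c0%af../private/page.asp 404
2001-06-21 16:11:13 198.51.100.7 GET /site/..%c1%9c../private/page.asp 404
2001-06-21 16:11:15 198.51.100.7 GET /site/..%e0%80%af../private/page.asp 404
""".splitlines()

def _cont(b):
    """True if b is a UTF-8 continuation byte (10xxxxxx)."""
    return 0x80 <= b <= 0xBF

def overlong_sequences(raw):
    """Return [(offset, code_point)] for each non-shortest-form UTF-8 sequence in raw bytes."""
    found, i, n = [], 0, len(raw)
    while i < n:
        b, rest = raw[i], raw[i + 1:i + 4]
        if b in (0xC0, 0xC1) and len(rest) >= 1 and _cont(rest[0]):
            # A 2-byte form whose value fits in 7 bits is always overlong.
            found.append((i, ((b & 0x1F) << 6) | (rest[0] & 0x3F)))
            i += 2
        elif b == 0xE0 and len(rest) >= 2 and 0x80 <= rest[0] <= 0x9F and _cont(rest[1]):
            # A 3-byte form encoding a value below U+0800.
            found.append((i, ((rest[0] & 0x3F) << 6) | (rest[1] & 0x3F)))
            i += 3
        elif (b == 0xF0 and len(rest) >= 3 and 0x80 <= rest[0] <= 0x8F
              and _cont(rest[1]) and _cont(rest[2])):
            # A 4-byte form encoding a value below U+10000.
            found.append((i, ((rest[0] & 0x3F) << 12) | ((rest[1] & 0x3F) << 6) | (rest[2] & 0x3F)))
            i += 4
        else:
            i += 1
    return found

def scan(lines):
    """Return [(client_ip, uri, hidden_chars)] for requests whose URI hides characters in overlong UTF-8."""
    hits = []
    for line in lines:
        fields = line.split()
        if line.startswith("#") or len(fields) < 6:
            continue  # skip W3C header directives and short lines
        client_ip, uri = fields[2], fields[4]
        seqs = overlong_sequences(unquote_to_bytes(uri))
        if seqs:
            hits.append((client_ip, uri, "".join(chr(cp) for _, cp in seqs)))
    return hits
```

Legitimate multi-byte UTF-8 such as `%c3%a9` is not flagged; only encodings that a strict decoder would reject are reported, together with the character they conceal.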


