Penetration Testing mailing list archives

Re: pen testing iis 5


From: Javier Fernandez-Sanguino Peña <jfernandez () sgi es>
Date: Tue, 26 Jun 2001 10:09:13 +0200

ExpLiciT wrote:

Greetings.
I am pen-testing IIS 5 [no hotfixes] running in WinNT 4.0 with no fixes.  At
this point I want to upload a file to the box [nc.exe] and then I will
definitely have the box.  How can I go about doing this?


        Easy.
        Since it is UNICODE bug-ridden, you can make *any* file using
        cmd redirection (that is, unless they are using a different
        partition for data, and there are no virtual dirs mapped to the
        C: drive).

        Anyway, you can create simple ASCII files using cmd.exe (need to
        copy & rename it). Since you can do ASCII, you can do binary,
        just create a uuencoded file and uudecode it locally. How?
        Use netsend.com to generate an auto-decoded ASCII file (.com)
        and execute it remotely after downloading it using 
        echo MASDFAJKDFAJFA >>file

        Yes, it can be a pain, but it's easily automated...

        Did I say I have such a tool ready for prime time? I'll have to
        wait until July 5th, however, to release two tools that 
        *completely* automate this task. Yes, I've seen many tools
        regarding UNICODE exploitation, I just think mine will be
        much more fun to use :)

        Javi
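
For anyone reviewing web-server logs, the echo-append staging described in the message above shows up as many requests from one client that redirect `echo` output into the same file. The following Python is an added example, not part of the original post; the log lines, addresses, `renamed.exe`, the file names and the `min_appends` threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed IIS W3C-style log; addresses, paths and payload text are made up.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2001-06-26 08:01:10 192.0.2.10 GET /default.htm - 200
2001-06-26 08:01:12 198.51.100.7 GET /scripts/renamed.exe /c+echo+AAAAAAAA+>>+drop.txt 200
2001-06-26 08:01:13 198.51.100.7 GET /scripts/renamed.exe /c+echo+BBBBBBBB+%3E%3E+drop.txt 200
2001-06-26 08:01:14 198.51.100.7 GET /scripts/renamed.exe /c+echo+CCCCCCCC+>>drop.txt 200
2001-06-26 08:02:00 192.0.2.10 GET /search.asp q=echo+chamber 200
2001-06-26 08:03:00 203.0.113.5 GET /scripts/renamed.exe /c+echo+hello+>>+note.txt 200
"""

# "echo ... > file" or "echo ... >> file" inside a decoded query string;
# group 1 is the file the output is redirected into.
REDIRECT = re.compile(r'\becho\b.*?>{1,2}\s*([^\s&|<>"]+)', re.IGNORECASE)


def find_staged_writes(log_text, min_appends=3):
    """Return (client, script, target_file, count) for repeated echo redirects."""
    fields = []
    appends = defaultdict(int)
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line or line.startswith("#"):
            continue
        row = dict(zip(fields, line.split()))
        # Decode %XX and '+' so encoded and literal redirects look the same.
        query = unquote_plus(row.get("cs-uri-query", ""))
        match = REDIRECT.search(query)
        if match:
            key = (row.get("c-ip"), row.get("cs-uri-stem"), match.group(1).lower())
            appends[key] += 1
    return sorted(k + (n,) for k, n in appends.items() if n >= min_appends)


if __name__ == "__main__":
    for client, script, target, count in find_staged_writes(SAMPLE_LOG):
        print(f"{client} wrote to {target} via {script} in {count} requests")
```
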
