Penetration Testing mailing list archives
Re: pen testing iis 5
From: Javier Fernandez-Sanguino Peña <jfernandez () sgi es>
Date: Tue, 26 Jun 2001 10:09:13 +0200
ExpLiciT escribió:
Greetings. I am pen-testing IIS 5 [no hotfixes] running in WinNT 4.0 with no fixes. At this point I want to upload a file to the box [nc.exe] and then I will definately have the box. How can I go about doing this?
Easy. Since it is UNICODE bug-ridden, you can make *any* file using cmd redirection (that is, unless they are using a different partition for data, and there are no virtual dirs mapped to the C: drive). Anyway, you can create simple ASCII files using cmd.exe (need to copy & rename it). Since you can do ASCII, you can do binary, just create an uuencoded file and uudecode it locally. How? Use netsend.com to generate an auto-decoded ASCII file (.com) and execute it remotely after downloading it using echo MASDFAJKDFAJFA >>file Yes, it can be a pain, but it's easily automated... Did I say I have such tool ready for prime time? I'll have to wait until July 5th, however, to release two tools that *completely* automate this task. Yes, I've seen many tools regarding UNICODE explotation, I just think mine will be much more fun to use :) Javi -------------------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- pen testing iis 5 ExpLiciT (Jun 21)
- Re: pen testing iis suntzu (Jun 24)
- Re: pen testing iis Enrique A. Sanchez Montellano (Jun 27)
- Re: pen testing iis Javier Fernandez-Sanguino Peña (Jun 28)
- Re: pen testing iis Enrique A. Sanchez Montellano (Jun 27)
- Re: pen testing iis 5 Javier Fernandez-Sanguino Peña (Jun 27)
- <Possible follow-ups>
- Re: pen testing iis 5 Stephen Friedl (Jun 22)
- Re: pen testing iis 5 Reverend Lola (Jun 22)
- RE: pen testing iis 5 dilbert96 (Jun 24)
- RE: pen testing iis 5 st0ff st0ff (Jun 25)
- Pen Testing a Oracle database. How to pull data? Osvaldo J . Filho (Jun 26)
- RE: Pen Testing a Oracle database. How to pull data? Aaron C. Newman (Jun 26)
- RE: Pen Testing a Oracle database. How to pull data? George Milliken (Jun 26)
- Pen Testing a Oracle database. How to pull data? Osvaldo J . Filho (Jun 26)
- Re: pen testing iis suntzu (Jun 24)