Penetration Testing mailing list archives
Re: [PEN-TEST] admin rights on an IIS 5.0 with unicode bug?
From: H D Moore <hdm () SECUREAUSTIN COM>
Date: Sun, 25 Mar 2001 17:04:55 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The point he was making was that IIS 5.0 is immune to that, and he was wondering about other methods of elevating his access. - -HD On Sunday 25 March 2001 12:55 pm, Wertheimer, Ishai wrote:
You can upload to the server this nice asp file by Maceo, and then easily type net localgroup administrators iusr_servername /add, and you are admin (I suppose that if the security configuration isn't too tight, you'll manage to do that). Cheers, Ishai Wertheimer -----Original Message----- From: Renato Ettisberger [mailto:renato.ettisberger () CH PWCGLOBAL COM] Sent: Sunday, March 25, 2001 5:38 PM To: PEN-TEST () SECURITYFOCUS COM Subject: [PEN-TEST] admin rights on an IIS 5.0 with unicode bug? Hi, I'm doing a pen test and I found a IIS 5.0 (Win2k) with the Unicode bug. As you know, there is a way to span a shell with admin rights on a IIS 4.0 with the Unicode bug. I ask me, if there is a way to gain admin rights on an IIS 5.0, Win2k with the Unicode bug too?
-----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8 iQA/AwUBOr55lzwRvqMPEDLhEQK8KwCfbrnBMlB2sEpSoAqw59ApJmHkEnMAn3qv lmlKpdXarBMpJuDpKadVF4A/ =H5Xg -----END PGP SIGNATURE-----
Current thread:
- [PEN-TEST] admin rights on an IIS 5.0 with unicode bug? Renato Ettisberger (Mar 25)
- Re: [PEN-TEST] admin rights on an IIS 5.0 with unicode bug? Nelson Brito (Mar 26)
- Re: [PEN-TEST] admin rights on an IIS 5.0 with unicode bug? Nelson Brito (Mar 26)
- <Possible follow-ups>
- Re: [PEN-TEST] admin rights on an IIS 5.0 with unicode bug? Wertheimer, Ishai (Mar 25)
- Re: [PEN-TEST] admin rights on an IIS 5.0 with unicode bug? H D Moore (Mar 25)
- Re: [PEN-TEST] admin rights on an IIS 5.0 with unicode bug? Renato Ettisberger (Mar 27)
- Re: [PEN-TEST] admin rights on an IIS 5.0 with unicode bug? Nelson Brito (Mar 27)
- Re: [PEN-TEST] admin rights on an IIS 5.0 with unicode bug? Renato Ettisberger (Mar 28)
- Re: [PEN-TEST] admin rights on an IIS 5.0 with unicode bug? robmann (Mar 28)
- Re: [PEN-TEST] admin rights on an IIS 5.0 with unicode bug? Nelson Brito (Mar 26)