Penetration Testing mailing list archives
Re: IIS : access to cmd.exe and multiple commands on one line
From: hellNbak <hellnbak () nmrc org>
Date: Tue, 23 Oct 2001 11:17:37 -0400 (EDT)
Perhaps you used a bad example but you don't need to send two commands to accomplish a directory outside of the web root. A simple "dir C:\" or whatever would would fine. I find it much easier to simply upload a .cmd file to the temp directory that contains all the commands I want to run then I execute the file. On Tue, 23 Oct 2001, Daniel Polombo wrote:
Hello, as you all know, it's possible to exploit a number of IIS bugs to gain access to \winnt\system32\cmd.exe and execute arbitrary commands on the server. I've been trying to convince it to execute several commands on one line (as one would separate commands with a ';' under any decent shell), with limited success : on a number of NT/2k boxes, the syntax : command1 & command2 (eg, cd .. & dir) works fine. On some other boxes, though, it only returns 'The parameter is incorrect'.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- "I don't intend to offend, I offend with my intent" hellNbak () nmrc org http://www.nmrc.org/~hellnbak -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- IIS : access to cmd.exe and multiple commands on one line Daniel Polombo (Oct 23)
- Re: IIS : access to cmd.exe and multiple commands on one line hellNbak (Oct 23)
- Re: IIS : access to cmd.exe and multiple commands on one line Rebecca Kastl (Oct 23)
- Re: IIS : access to cmd.exe and multiple commands on one line Alex Butcher (pentest) (Oct 23)
- Re: IIS : access to cmd.exe and multiple commands on one line Emre Yildirim (Oct 23)
- Re: IIS : access to cmd.exe and multiple commands on one line Rainer Duffner (Oct 24)
- Re: IIS : access to cmd.exe and multiple commands on one line Daniel Polombo (Oct 24)
- <Possible follow-ups>
- Re: IIS : access to cmd.exe and multiple commands on one line Garreth Jeremiah/Markham/IBM (Oct 24)
- RE: IIS : access to cmd.exe and multiple commands on one line Sam Steinmeyer (Oct 24)