Penetration Testing mailing list archives
Re: Problems on the DOS-Prompt
From: Oliver Karow <Oliver.Karow () gmx de>
Date: Tue, 18 Sep 2001 10:23:11 +0000
I dont think so. But you wouldnt need one.Just keep in mind: You should not be able to use commands that forces an "windows integrated" authentication on an other machine. This is f.e. the case with the NET-Use command. (As far as i can remember, this is because the SYSTEM Account has the same SID on every machine. And because the SYSTEM is part of the TCB, you would automaticly be part of the TCB of the other machine...)
But you should still be able to establish connections where you have to pass a valid logon/password pair like FTP or Telnet.
With this knowledge you can build your own list :) bye, Oliver At 15:07 17.09.2001 -0700, kevin mckay wrote:
Is there a list of all availible commands that can be used on nt and 2k machines? --- Oliver.Karow () gmx de wrote: > Hi, > > maybe the problem is that you started NC in the LogonSession of the > SYSTEM > Account, which is in most cases the Account in which the IIS prozess > is > running. (This depends on the exploit you are using ;) > > The system account has nor permissions outside of the local system. > Which > means you can't use some of the NET-Commands. > > Best regards, > > Oliver > > > > Hi, > > > > I seem to habe problems with a netcat-bindshell on a plain-vanilla > > NT4SP6a. > > > > I can execute some commands, but some fail. > > > > E.g., I thought I could map drives with NET USE - but I only get > some > > 4-digit error-code. > > I can upload files, get the SAM via rdisk, restart IIS etc. > > > > Even with hk.exe, NET USE fails. Is there an explanation ? > > > > Thanks in advance, > > > > Rainer > > -- > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > Rainer Duffner Munich > > rainer () ultra-secure de Germany > > http://www.i-duffner.de Freising > > ======================================== > > When shall we three meet again > > In thunder, lightning, or in rain? > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > > > > ---------------------------------------------------------------------------- > > This list is provided by the SecurityFocus Security Intelligence > Alert > > (SIA) > > Service. For more information on SecurityFocus' SIA service which > > automatically alerts you to the latest security vulnerabilities > please > > see: > > https://alerts.securityfocus.com/ > > > > -- > GMX - Die Kommunikationsplattform im Internet. > http://www.gmx.net > > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus Security Intelligence > Alert (SIA) > Service. For more information on SecurityFocus' SIA service which > automatically alerts you to the latest security vulnerabilities > please see: > https://alerts.securityfocus.com/ > __________________________________________________ Terrorist Attacks on U.S. - How can you help? Donate cash, emergency relief information http://dailynews.yahoo.com/fc/US/Emergency_Information/
---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Problems on the DOS-Prompt Rainer Duffner (Sep 16)
- Re: Problems on the DOS-Prompt Tomi Tuominen (Sep 17)
- Re: Problems on the DOS-Prompt andreas junestam (Sep 17)
- Re: Problems on the DOS-Prompt Oliver . Karow (Sep 17)
- Re: Problems on the DOS-Prompt Rainer Duffner (Sep 17)
- Message not available
- Re: Problems on the DOS-Prompt Oliver Karow (Sep 18)
- Re: Problems on the DOS-Prompt H D Moore (Sep 18)