Re: exploiting BID 529

[Nathan Jackson <c.cured () gmail com>]

Quote from securityfocus link:

You MUST Enter the host like this http://server  DON'T FORGET HTTP://
or it'll not work.


On 4 Dec 2004 19:49:13 -0000, m a <aznxy () yahoo com> wrote:
> Running a pen test on some web servers.
>
> Some were verified to have RDS version is 1.5 thus:
>
> http://10.1.1.1/msadc/readme.txt
>
> Here is the exploit:
>
> http://www.securityfocus.com/bid/529/exploit/
>
> I have tried unicode directory traversal which doesn't work.
>
> Running msadc works
>
> $ ./msadc.pl -h 10.1.1.1 -N
>
> -- RDS smack v2 - rain forest puppy / ADM / wiretrip --
>
> Machine name: NT2
>
> I am trying to execute some cmd /c commands, however just trying to echo >xxx a file to the default path of msadc and 
> the wwwroot does not yield anything I can open. I am largely trying to verify that the commands work.
>
> Even if this does work (and the default paths are changed) I am nost sure what else I can do with it considering the
>
> firewall is filtering out everything apart from 80 and 443 (some host
>
> probably just one) inbound. I could potentially try killing the inet process and then implant nc.exe and have it take 
> over on 80 or 443 but that would be to intrusive.
>
> Here's some more reading on this (this guy had the benefit of unicode):
>
> http://www.honeynet.org/scans/scan14/rfp.html
>
> Any help much appreciated.