Penetration Testing mailing list archives

Re: Is there any known "escape shell" techniques on a IIS/ASP server ?

From: Nicolas Gregoire <ngregoire () exaprobe com>
Date: Wed, 02 Feb 2005 10:15:40 +0100

Le mardi 25 janvier 2005 à 17:50 +0100, Frederic Charpentier a écrit :

If I'am allowed to upload ASP programs on a IIS server,  am I able to
escape IIS to send commands to the system ?


You may use CmdAsp.asp [1] ot NtDaddy.asp [2].


[1] : http://www.securiteam.com/tools/5AP020U35C.html
[2] : http://kakos-belas.netfirms.com/ntdaddy.asp
-- 
Nicolas Gregoire ----- Consultant en Sécurité des Systèmes d'Information
ngregoire () exaprobe com ------[ ExaProbe ]------ http://www.exaprobe.com/
PGP KeyID:CA61B44F  FingerPrint:1CC647FF1A55664BA2D2AFDACA6A21DACA61B44F

Current thread:

Re: Is there any known "escape shell" techniques on a IIS/ASP server ? Nicolas Gregoire (Feb 03)