Penetration Testing mailing list archives
Re: Is there any known "escape shell" techniques on a IIS/ASP server ?
From: Nicolas Gregoire <ngregoire () exaprobe com>
Date: Wed, 02 Feb 2005 10:15:40 +0100
Le mardi 25 janvier 2005 à 17:50 +0100, Frederic Charpentier a écrit :
If I'am allowed to upload ASP programs on a IIS server, am I able to escape IIS to send commands to the system ?
You may use CmdAsp.asp [1] ot NtDaddy.asp [2]. [1] : http://www.securiteam.com/tools/5AP020U35C.html [2] : http://kakos-belas.netfirms.com/ntdaddy.asp -- Nicolas Gregoire ----- Consultant en Sécurité des Systèmes d'Information ngregoire () exaprobe com ------[ ExaProbe ]------ http://www.exaprobe.com/ PGP KeyID:CA61B44F FingerPrint:1CC647FF1A55664BA2D2AFDACA6A21DACA61B44F
Current thread:
- Re: Is there any known "escape shell" techniques on a IIS/ASP server ? Nicolas Gregoire (Feb 03)