Re: remote shell on windows 2000 server.

[brad Causey <bradcausey () gmail com>]

Mike,

Have you been able to validate that the NC.exe proc is listening? You
could insert a "netstat -a" into a table via the xp_cmd or maybe the
results of "wmic PROCESS list" (you may have to run wmic once to enable
the WMI CLI)

-Brad

Mike Klingler wrote:
> Guys,
>      I am working on a pen test and have had a lot of success wothing
> with sql injection to get to the database.  I moved on to try to
> obtain shell access.  I have been able to upload netcat.exe via tftp.
> However I haven't been able to get the system to connect to my landing
> point with netcat either outbound reverse or inbound standard.  Even
> when using UPD port 69 (The same port that the tftp transaction
> occurs)  I was able to get a connection from the test system with the
> same parameters. I can execute command line paramteres via the
> master..xp_cmdshell sql command and get feed back from the execution
> of the command via bulk inserts into create tables, but I haven't been
> able to get the remote shell.  The user account appears to be limited
> since I don't have access to the windows folders.  Does anyone have
> any advice for me that would allow me to obtain remote shell?  I would
> love to use this system as a launching pad for others on the LAN.
> Thanks

Attachment: signature.asc
Description: OpenPGP digital signature