Penetration Testing mailing list archives

Re: Re: Frontpage no password privileges escalation?


From: "Jamie Riden" <jamesr () europe com>
Date: Sat, 7 Oct 2006 09:14:21 +1300

On 6 Oct 2006 00:45:55 -0000, 09sparky () gmail com <09sparky () gmail com> wrote:
> Trying to get some clarification for myself: Ok, so I have full access to the
> FrontPage server application (via no password set). I am able to
> upload/download/delete/etc. At this point you could already deface the
> website. Why would you use a tool like tool25.dat? I am not familiar with
> this tool, but is it used to gain access to a web server, or used after you
> already have upload/download privileges?

tool25.dat and other scripts have functionality that can include
connecting to mysql, mssql, oracle, postgres databases, browsing
directories, sending email and of course trying a variety of different
ways to execute system commands.

For example, see
http://www.google.com/search?hl=en&lr=&q=%22Defacing+Tool+2.0+by+r3v3ng4ns%22&btnG=Search

In some ways, they're the web equivalent of the tgz's full of local
privilege escalation exploits that people like to upload.

There is probably an ASP equivalent - all of the ones I have looked at
are for PHP.

cheers,
Jamie
--
Jamie Riden, CISSP / jamesr () europe com / jamie.riden () gmail com
NZ Honeynet project - http://www.nz-honeynet.org/
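
An added example, not part of the original post or of any tool it mentions: a defender-side triage that checks PHP files found in a web root for the combination of capabilities the post lists (command execution, database connections, directory browsing, sending mail). The function-name lists, the threshold and the sample files are assumptions constructed for illustration.

```python
import re

# Capability groups come from the post; the PHP function names picked for each
# group are assumptions of this example, not a list given in the post.
CAPABILITY_PATTERNS = {
    "command_exec": r"\b(system|exec|shell_exec|passthru|popen|proc_open)\s*\(",
    "database": r"\b(mysql_connect|mysqli_connect|mssql_connect|pg_connect|oci_connect)\s*\(",
    "dir_browse": r"\b(opendir|scandir|readdir|glob)\s*\(",
    "send_mail": r"\bmail\s*\(",
}
COMPILED = {name: re.compile(rx, re.IGNORECASE) for name, rx in CAPABILITY_PATTERNS.items()}


def capabilities(source):
    """Return the set of capability groups whose functions are called in source."""
    return {name for name, rx in COMPILED.items() if rx.search(source)}


def triage(files, min_groups=3):
    """Flag files that combine command execution with other capability groups.

    files maps a path to its PHP source. A file is flagged only when it calls a
    command-execution function AND spans at least min_groups groups overall,
    since ordinary application files rarely mix so many in one script.
    """
    flagged = []
    for path, source in sorted(files.items()):
        found = capabilities(source)
        if "command_exec" in found and len(found) >= min_groups:
            flagged.append((path, sorted(found)))
    return flagged


# Constructed sample files (not real scripts): two ordinary pages and one
# upload that mixes every capability group named in the post.
SAMPLE_FILES = {
    "contact.php": '<?php mail($to, "Feedback", $body); ?>',
    "gallery.php": '<?php $db = mysql_connect($h, $u, $p); $imgs = scandir("img"); ?>',
    "images/up_01.php": (
        "<?php $db = pg_connect($dsn); $d = opendir($path);\n"
        "mail($to, $subj, $msg); $out = shell_exec($cmd); ?>"
    ),
}

if __name__ == "__main__":
    for path, groups in triage(SAMPLE_FILES):
        print(f"{path}: {', '.join(groups)}")
```

A match is a lead for manual review, not a verdict: the patterns are plain-text heuristics and do not handle obfuscated or encoded source.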
