Penetration Testing mailing list archives

Frontpage no password privileges escalation?

From: 09sparky () gmail com
Date: 4 Oct 2006 00:35:11 -0000

Does anyone know if there is a way to gain root/admin access to a system if you are able to connect to Microsoft 
FrontPage with No password set on the web server?  It is running "Microsoft IIS web server 5.0".  The system has been 
clearly compromised, but I want to see if there were any additional attack vectors that the hackers have performed, to 
compromise the rest of the system.  The obvious recommendation to the client is to re-image the whole machine (after 
forensic investigation - if necessary), but any suggestions for escalating privileges?

Thanks,
09Sparky

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

Current thread:

Frontpage no password privileges escalation? 09sparky (Oct 04)
- Re: Frontpage no password privileges escalation? thomas springer (Oct 05)
- <Possible follow-ups>
- Re: Re: Frontpage no password privileges escalation? 09sparky (Oct 06)
  - Re: Re: Frontpage no password privileges escalation? Jamie Riden (Oct 06)
    - Re: Re: Frontpage no password privileges escalation? DokFLeed (Oct 07)