Penetration Testing mailing list archives

Re: Re: Frontpage no password privileges escalation?


From: 09sparky () gmail com
Date: 6 Oct 2006 00:45:55 -0000

Trying to get some clarification for myself:  Ok, so I have full access to the FrontPage server application (via no 
password set).  I am able to upload/download/delete/etc.  At this point you could already deface the website.  Why 
would you use a tool like tool25.dat?  I am not familiar with this tool, but is it used to gain access to a web server, 
or used after you already have upload/download privileges?

Next, with uploading tools/exploits: what type of tools/exploits would you use within the FrontPage root directory to 
actually gain system privileges? Can you run exploits from within this type of application to gain admin privileges?  
How do you know what its internal vulnerabilities are? I cannot run any VA tools against it from the internal network to 
see its Microsoft vulnerabilities (i.e. plug and play). Or run tools like Metasploit.

Sorry if these are foolish questions, I am just trying to get a grasp for the procedure.  I did notice that this 
particular server did have "nc" in the FrontPage root directory (installed by hacker), but I didn't think that it could 
be executed from within this folder.

Also, if anyone has a link to the "tool25.dat" or other web defacement tools and/or exploits that could be run after 
FrontPage compromise (upload rights), that would be great.  I would be very interested in running these in our lab 
for further understanding/knowledge.

Thanks,
Sparky
