Penetration Testing mailing list archives
Re: PHP Exploitation
From: Kish Pent <kish_pent () yahoo com>
Date: Sat, 24 Nov 2007 23:31:34 -0800 (PST)
Hi Danux, It's a bit cheeky to know you never tried c99 php backdoor, c99.php. If you're not aware of it, look into this paper http://www.milw0rm.com/papers/111 Cheers :) Kish --- Danux <danuxx () gmail com> wrote:
Hi experts, i need your ideas, By now, i am able to upload php files to a Windows 2003 Server, so i can execute php code like phpinfo, but i cant execute passthru command because of lack of IUSR_MACHINE privileges. I have run some local php bof's without success. Do you have another idea to break into the server through php code uploaded? Cheers!!!!! -- Danux, CISSP Chief Information Security Officer Macula Security Consulting Group www.macula-group.com
-- Kishore, Penetration Tester, 17/1,Upstairs,Sarojini St, Smart Security, T.Nagar, Chennai - 600 017 Phone: 91 98841 80767 ____________________________________________________________________________________ Get easy, one-click access to your favorites. Make Yahoo! your homepage. http://www.yahoo.com/r/hs ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- PHP Exploitation Danux (Nov 24)
- Re: PHP Exploitation DokFLeed (Nov 25)
- Re: PHP Exploitation Danux (Nov 27)
- Re: PHP Exploitation Kish Pent (Nov 25)
- Re: PHP Exploitation Robin Wood (Nov 27)
- Re: PHP Exploitation Danux (Nov 27)
- Message not available
- Re: PHP Exploitation Danux (Nov 29)
- Re: PHP Exploitation Danux (Nov 27)
- Re: PHP Exploitation DokFLeed (Nov 25)