Penetration Testing mailing list archives

Re: PHP Exploitation


From: Kish Pent <kish_pent () yahoo com>
Date: Sat, 24 Nov 2007 23:31:34 -0800 (PST)

Hi Danux,

It's a bit cheeky to know you never tried c99 php
backdoor, c99.php.

If you're not aware of it, look into this paper
http://www.milw0rm.com/papers/111

Cheers :)
Kish

--- Danux <danuxx () gmail com> wrote:

Hi experts, I need your ideas,

By now, I am able to upload php files to a Windows 2003 Server, so I
can execute php code like phpinfo, but I can't execute passthru command
because of lack of IUSR_MACHINE privileges.
I have run some local php bof's without success.

Do you have another idea to break into the server through php code uploaded?

Cheers!!!!!

-- 
Danux, CISSP
Chief Information Security Officer
Macula Security Consulting Group
www.macula-group.com



--
Kishore, Penetration Tester,
17/1,Upstairs,Sarojini St,
Smart Security, T.Nagar, 
Chennai - 600 017

Phone: 91 98841 80767

