Penetration Testing mailing list archives

clue on shell

From: "Ricardo Mourato" <ricardomcm () gmail com>
Date: Mon, 5 Jan 2009 18:59:15 +0000

i pentesting people, i've got a shell in a customers server, using an
webapp bug (eval() is evil()) :)
the server seems to run windows 2003 server, it's known that IIS6 "had
many security improvments", such as disabling the cmd.exe for the IIS
user, that's why i have used the old fashion "command.com" and voila,
i've got a shell, but it is very limited, i'm trying to upload some
programs, in order to get a better shell and get admin rights, btw the
server is also  running plesk control panel , should i try this in a
possible way to get admin?

i know that sqlninja can upload files in debug script, i also thinked about that
i could  echo "hex stuff" into  %TEMP%/nc.scr for example

does anybondy knows how convert a binary in debug script?

tnks.

Current thread:

clue on shell Ricardo Mourato (Jan 05)
- Re: clue on shell Robin Wood (Jan 06)
  - Re: clue on shell ArcSighter Elite (Jan 06)
  - Re: clue on shell Ricardo Mourato (Jan 06)
    - Re: clue on shell Robin Wood (Jan 06)
- Re: clue on shell Christophe Kiciak (Jan 06)
- Re: clue on shell rajat swarup (Jan 06)
- Re: clue on shell Joshua Gimer (Jan 07)
  - Re: clue on shell ArcSighter Elite (Jan 08)
  - Re: clue on shell NeZa (Jan 08)
- Message not available
  - Re: clue on shell Anthony Cicalla (Jan 09)

(Thread continues...)