Penetration Testing mailing list archives
Re: clue on shell
From: "rajat swarup" <rajats () gmail com>
Date: Tue, 6 Jan 2009 09:19:30 -0500
On Mon, Jan 5, 2009 at 1:59 PM, Ricardo Mourato <ricardomcm () gmail com> wrote:
i pentesting people, i've got a shell in a customers server, using an webapp bug (eval() is evil()) :) the server seems to run windows 2003 server, it's known that IIS6 "had many security improvments", such as disabling the cmd.exe for the IIS user, that's why i have used the old fashion "command.com" and voila, i've got a shell, but it is very limited, i'm trying to upload some programs, in order to get a better shell and get admin rights, btw the
Setup an FTP server and try accessing it from command.com. It should work. -- Rajat Swarup http://rajatswarup.blogspot.com/
Current thread:
- clue on shell Ricardo Mourato (Jan 05)
- Re: clue on shell Robin Wood (Jan 06)
- Re: clue on shell ArcSighter Elite (Jan 06)
- Re: clue on shell Ricardo Mourato (Jan 06)
- Re: clue on shell Robin Wood (Jan 06)
- Re: clue on shell Christophe Kiciak (Jan 06)
- Re: clue on shell rajat swarup (Jan 06)
- Re: clue on shell Joshua Gimer (Jan 07)
- Re: clue on shell ArcSighter Elite (Jan 08)
- Re: clue on shell NeZa (Jan 08)
- Message not available
- Re: clue on shell Anthony Cicalla (Jan 09)
- Re: clue on shell Robin Wood (Jan 06)
- Re: clue on shell Anthony Cicalla (Jan 09)