Penetration Testing mailing list archives

Re: clue on shell

From: "rajat swarup" <rajats () gmail com>
Date: Tue, 6 Jan 2009 09:19:30 -0500

On Mon, Jan 5, 2009 at 1:59 PM, Ricardo Mourato <ricardomcm () gmail com> wrote:

i pentesting people, i've got a shell in a customers server, using an
webapp bug (eval() is evil()) :)
the server seems to run windows 2003 server, it's known that IIS6 "had
many security improvments", such as disabling the cmd.exe for the IIS
user, that's why i have used the old fashion "command.com" and voila,
i've got a shell, but it is very limited, i'm trying to upload some
programs, in order to get a better shell and get admin rights, btw the


Setup an FTP server and try accessing it from command.com.  It should work.
-- 
Rajat Swarup

http://rajatswarup.blogspot.com/

Current thread:

clue on shell Ricardo Mourato (Jan 05)
- Re: clue on shell Robin Wood (Jan 06)
  - Re: clue on shell ArcSighter Elite (Jan 06)
  - Re: clue on shell Ricardo Mourato (Jan 06)
    - Re: clue on shell Robin Wood (Jan 06)
- Re: clue on shell Christophe Kiciak (Jan 06)
- Re: clue on shell rajat swarup (Jan 06)
- Re: clue on shell Joshua Gimer (Jan 07)
  - Re: clue on shell ArcSighter Elite (Jan 08)
  - Re: clue on shell NeZa (Jan 08)
- Message not available
  - Re: clue on shell Anthony Cicalla (Jan 09)
- Re: clue on shell Anthony Cicalla (Jan 09)