Re: dos commands via iis 4 (TFTP)-NETBIOS

["Loschiavo, Dave" <DLoschiavo () FRCC CC CA US>]

When you execute commands/access files through the IIS web interface, you
are acting in the context of IUSER_<MACHINE>. By default this account
installs as either a local guest (on a member server) or a domain guest (on
a domain controller).

-----Original Message-----
From: Illes Marci
To: VULN-DEV () SECURITYFOCUS COM
Sent: 11/20/00 2:37 PM
Subject: Re: dos commands via iis 4 (TFTP)-NETBIOS

On Sat, 18 Nov 2000, Paul Cardon wrote:

> You seem to have completely missed the point even though MadHat
> explained it clearly.  Your suggestion would result in nc.exe
connected
> to a command shell as IUSER_<MACHINE> which has very little privilege.
> eeyerulez.asp performs a buffer overflow that results in SYSTEM level
> access to the server.  The question you must ask is do you want to be
a
> luser on the system or do you want to 0wn it?
>
> -paul
Hi,

 IIS runs as SYSTEM user by default. I belive you gain SYSTEM level
access, when starting an ncx.exe for example. With system privilege you
really own the computer. You can do anything with that box, but nothing
with the network. Of course you can switch to some domain user, which is
more powerfull in the network.

Marci