Vulnerability Development mailing list archives
Re: Summary of IIS 4.0/5.0 Unicode thread (end of thread?)
From: amonotod <amonotod () NETSCAPE NET>
Date: Sat, 28 Oct 2000 20:37:25 CDT
On Fri 10/27/00 5:41 AM, Robert A. Seace wrote:
> In the profound words of Ryan Yagatich:
>> also, you can setup a tftp server on your box, and tftp the file/trojan in which you are attempting to run. (netcat anyone?) all you have to do is setup the command string, the same way.
>
> Another way to transfer files would be "rcp", if you find it easier to setup "in.rshd" on your server... (At least, the NT machine I saw had an "rcp.exe" client installed in "\winnt\system32\"... Not sure how standard that is...)

Quite standard setup, however, as part of the process of locking down the server, you should restrict access to all the system32\r*.* commands to only administrators, including the exclusion of System. Furthermore, you should restrict access to net.exe, ftp.exe, tftp.exe and other remote service link executables from any 'service' type accounts, and maybe even from System. If your server is not properly configured, you're open to many kinds of attack, not just whatever the current popular attack may be.

amonotod
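
The check below is an added example, not part of amonotod's message: a read-only PowerShell audit that lists every principal other than BUILTIN\Administrators holding an allow ACE with execute rights on the binaries the post names (system32\r*.exe, net.exe, ftp.exe, tftp.exe). It assumes a Windows host with PowerShell 3.0 or later; the variable names are illustrative, and the Administrators-only baseline is the post's recommendation.

```powershell
# Added example: report who may execute the remote-transfer clients named in the post.
# Read-only: it inspects ACLs and changes nothing.
$sys32 = Join-Path $env:SystemRoot 'System32'

# r*.exe (rcp, rsh, rexec where installed) plus the binaries listed by name.
$targets = @(Get-ChildItem -Path $sys32 -Filter 'r*.exe' -File -ErrorAction SilentlyContinue)
foreach ($name in 'net.exe', 'ftp.exe', 'tftp.exe') {
    $path = Join-Path $sys32 $name
    if (Test-Path -LiteralPath $path) { $targets += Get-Item -LiteralPath $path }
}

$allow    = [System.Security.AccessControl.AccessControlType]::Allow
$execute  = [int][System.Security.AccessControl.FileSystemRights]::ExecuteFile
$adminSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators

$findings = foreach ($file in $targets) {
    $acl = Get-Acl -LiteralPath $file.FullName
    foreach ($ace in $acl.Access) {
        # Only allow ACEs that include the execute bit are of interest.
        # Deny ACEs and group nesting are not evaluated, so this is not effective access.
        if ($ace.AccessControlType -ne $allow) { continue }
        if (([int]$ace.FileSystemRights -band $execute) -eq 0) { continue }

        # Compare by SID so localized or renamed groups still match.
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            $sid = $ace.IdentityReference.Value   # unresolvable account: keep the raw name
        }
        if ($sid -eq $adminSid) { continue }

        [pscustomobject]@{
            File      = $file.Name
            Principal = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

# Each row is an execute grant outside the Administrators-only baseline.
$findings | Sort-Object File, Principal | Format-Table -AutoSize
```

An empty table means no allow ACE outside Administrators grants execute on the files that were found; rows for SYSTEM or service accounts are the grants the post suggests reviewing.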