Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] Deeper Penetration
From: Oliver Petruzel <oliverpetruzel () EMAIL COM>
Date: Wed, 15 Nov 2000 17:26:04 -0500

------Original Message------
From: "Chris St. Clair" <chris_stclair () HOTMAIL COM>
To: PEN-TEST () SECURITYFOCUS COM
Sent: November 15, 2000 8:15:34 PM GMT
Subject: Re: Deeper Penetration


VNC. Problem is, the system is firewalled and I can't get the server
to
download any tools. Suggestions anyone.

Does the firewall do any packet inspection at all? Is the web server
being
fed by a reverse-proxy? Is the web server using both 80 and 443?

If you answered no to all of the above, park a netcat listener on
443 and grab a shell first. Does the firewall allow the web server
to make any outbound connections at all? If not, craft some html on
the web server to allow file uploading.

I was in a situation similar to this, but ended up not having to
craft the html because I could get the web server to (t)ftp outbound
and suck files up.

Good luck.
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at
http://www.hotmail.com.

Share information about yourself, create your own public profile at
http://profiles.msn.com.


-----------------------------------------------
FREE! The World's Best Email Address @email.com
Reserve your name now at http://www.email.com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]