Penetration Testing
mailing list archives
clue on shell
From: "Ricardo Mourato" <ricardomcm () gmail com>
Date: Mon, 5 Jan 2009 18:59:15 +0000
Hi pentesting people, I've got a shell on a customer's server, using a
webapp bug (eval() is evil()) :)
The server seems to run Windows 2003 Server. It's known that IIS6 "had
many security improvements", such as disabling cmd.exe for the IIS
user; that's why I used the old-fashioned "command.com" and voila,
I've got a shell, but it is very limited. I'm trying to upload some
programs in order to get a better shell and get admin rights. BTW, the
server is also running the Plesk control panel; should I try this as a
possible way to get admin?
I know that sqlninja can upload files as a debug script. I also thought that
I could echo "hex stuff" into %TEMP%/nc.scr, for example.
Does anybody know how to convert a binary into a debug script?
Thanks.