Penetration Testing: Re: clue on shell

["Anthony Cicalla" <anthony.cicalla () gmail com>]

use ftp on the server via command to connect to your ftp server and
download whatever you want to the server. Also you can start and stop
services, and add a user via net command and also add that use to the
administrator's group. so setup ftp with nc.exe for download or heck
just download and setup vnc and have it connect out to a listener on
your server after you ftp it to the server you have the shell on. This
is easy.

On Thu, Jan 8, 2009 at 8:42 AM, Anthony Cicalla
<anthony.cicalla () gmail com> wrote:
> If you've got command you can also start and stop services through the
> command line.
>
> On Mon, Jan 5, 2009 at 10:59 AM, Ricardo Mourato <ricardomcm () gmail com> wrote:
> > i pentesting people, i've got a shell in a customers server, using an
> > webapp bug (eval() is evil()) :)
> > the server seems to run windows 2003 server, it's known that IIS6 "had
> > many security improvments", such as disabling the cmd.exe for the IIS
> > user, that's why i have used the old fashion "command.com" and voila,
> > i've got a shell, but it is very limited, i'm trying to upload some
> > programs, in order to get a better shell and get admin rights, btw the
> > server is also  running plesk control panel , should i try this in a
> > possible way to get admin?
> >
> > i know that sqlninja can upload files in debug script, i also thinked about that
> > i could  echo "hex stuff" into  %TEMP%/nc.scr for example
> >
> > does anybondy knows how convert a binary in debug script?
> >
> > tnks.
>
>
> --
> Anthony,


-- 
Anthony,