Penetration Testing mailing list archives

Re: Problems on the DOS-Prompt


From: "Rainer Duffner" <rainer () ultra-secure de>
Date: Mon, 17 Sep 2001 17:31:26 GMT

Oliver.Karow () gmx de writes:

Hi,
maybe the problem is that you started NC in the LogonSession of the SYSTEM
Account, which is in most cases the Account in which the IIS process is
running. (This depends on the exploit you are using ;)
The system account has no permissions outside of the local system. Which
means you can't use some of the NET-Commands.

Yes, I've now learned that.
Getting the SAM and assuming we can find a password, we tried to use
su.exe to mount a share as that user (administrator).
But again, (after playing with ntrights), this didn't fully succeed.
The drive appears in the explorer as mapped, but nobody seems to be
able to access it.
Adding the IUSR to the admin-group didn't help either.
Are there any obvious pitfalls we missed?
Or is this not feasible at all?
cheers,
Rainer
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rainer Duffner                   Munich
rainer () ultra-secure de          Germany
http://www.i-duffner.de        Freising
========================================
   When shall we three meet again
 In thunder, lightning, or in rain?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
