Dailydave mailing list archives
Re: New mediaservices sploit
From: H D Moore <hdm-daily-dave () digitaloffense net>
Date: Sat, 13 Mar 2004 16:07:49 -0600
It is a stripped down Apache2 install, no mod_cgi, no mod_ssi. Assume the system is firewalled both ways and there are no third-party or system-installed web services (besides this one). The NTLM hijack is simple, but there are a dozen other ways to do it. I was wondering if anyone knew how to execute a command simply by writing a file to the OS somewhere. I beat my head against it off and on for a couple months, was wondering if anyone had some r33t tknqz to share :)

-HD

On Saturday 13 March 2004 13:32, some people wrote:
It is running as system, and you can if IIS is running... but you can also upload any file :)
You can't write a .asp file into the scripts directory? Or a .dll? I assume not. You're running as SYSTEM? Why not write to \\myserver\\ and steal the token and relogin through NTLM auth?