Full Disclosure mailing list archives
Re: Frontpage Extensions Remote Command Execution
From: "Geoincidents" <geoincidents () getinfo org>
Date: Wed, 12 Nov 2003 19:33:19 -0500
Looking at the description of the IWAM_machinename account on my system, it is listed as the "Launch Process Account". IWAM has *no* privileges other than those explicitly granted to Guests, Users, or Everyone.

Open usermanager, go to groups, look in your MTS Trusted group, what do you see there? IWAM is used to access databases, it's got more than guest.

If you can run an application and you have a command line to \system32 and you are a network enabled account (like IWAM) then you are just a few steps from downloading and running any code you want. (I wonder if Brett could try running tftp for us)

This isn't limited, just because Brett Moore stopped with

C:\WINNT\system32>whoami
IWAM_BLACKHOLE

doesn't mean Marc from eeye wouldn't have turned this into an automated rooter. The potential is most certainly there, you've got execute, you've got network access, game over.

Geo.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html