Metasploit mailing list archives
Running application remote server side
From: tplastino at sses.net (Anthony R. Plastino III)
Date: Tue, 20 Jun 2006 22:33:27 -0400
Given the snippet of the message, it seems to me that this person has found an open share. Upon mounting the share, the filesystem seems to allow reading/writing of files. Unfortunately, there is no easy method for remotely executing code in this context. This would depend on having access to a valid account, not simply mounting the IPC$ as a null user.

The framework operates mostly on exploited vulnerabilities (on a host) which allow that host to be manipulated remotely at a far deeper level than mounting a share. The mounting of a share, while certainly a vulnerability, takes advantage of a host's misconfiguration, but allows the host to perform a 'normal' function of being a file server; it has not been made to do something it was not intended to do. Injecting shell code into an overflowed buffer on the other hand forces the host to perform outside of its 'normal' function by allowing (for example) a remote shell to be presented to an unauthorized entity in the context (we hope) of SYSTEM, thereby giving up something better than console access.

I am not aware of a framework exploit that can take advantage of a mounted share (although I admit that I am not an uber user yet :) ). There are other applications that do (if you have a valid user) such as Hyena, which have the ability to invoke the scheduler to run an application.

regards,
Anthony R. Plastino III

Nicolas RUFF wrote:
>> I have a problem about running a ".exe" file remotely in a Windows 2003 server. I have access to server to upload, read, and write some files to server remotely. But I need to execute my uploaded ".exe" file remotely on server (server-side)
>
> What do you mean by "I cannot execute files"? (Error message?)
> Can you execute standard system binaries, like CMD.EXE?
> What does the CACLS command say? Who is given execute access?
> Are you sure the %TMP% and %TEMP% directories are not executable? (Basically every installer will drop EXE files in these directories)
>
> We lack context here ...
>
> Regards,
> - Nicolas RUFF