Re: NT information leakage

["Mike Brentlinger" <mdbrentlinger () hotmail com>]

you can always just run commands like

ipconfig /all > c:\intetpub\wwwroot\info.txt
-and-
dir c:\ /s >> c:\intetpub\wwwroot\info.txt
-and-
net view >> c:\intetpub\wwwroot\info.txt

Have some fun and try diffrent things then point your browser at 
http://server/ipinfo.txt

-mdb



----Original Message Follows----
From: "Ismael Valenzuela" <i.valenzuela () topfutbol com>
To: "Penetration Testing (E-mail)" <PEN-TEST () securityfocus com>
Subject: NT information leakage
Date: Thu, 19 Jul 2001 09:53:55 +0200

Hello. I am conducting a pentest for company using IIS in its web
server. I've successfully exploited the MSDAC RDS bug, so I can
navigate through its hard disk using the command cmd.exe, but with
restricted rights. I can not get the sam._ file in \winnt\repair for
example.

I would like someone to tell me which files in the NT box can show me
information about the servers in the same subnet, applications
installed, and any other important information.

Is there any way to get admin rights through this bug i've exploited
?

There's also a CheckPoint FW-1 in front of the web server, but it
doesn't filter de port 80, obviously :)

Thanks in advance.

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.1

iQA/AwUBO1aSEMqrlGPrxreCEQJrPQCgx38IvrGlCHB/9cUmzhwBE+JupRcAoOVB
R0Z0fS1Ku2FbeuySX+bdxngw
=ei6y
-----END PGP SIGNATURE-----


_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/