Penetration Testing mailing list archives

Re: pen testing iis

From: "Enrique A. Sanchez Montellano" <enrique.sanchez () defcom com>
Date: Mon, 25 Jun 2001 09:35:35 +0200

If you cannot tftp or ftp (happens) just echo the debug equivalent ....=) ... long live debug since its on all windows machines ... then justcompile it on the server and VOILA!!!


debug is your friend!!!

Enrique A. Sanchez Montellano

suntzu wrote:

If you have control of cmd.exe in the web root directory ( via unicode
) you can usually make nt tftp a file to the server of where you nc.exe my
live...

just a suggestion...

-suntzu

On Mon, 18 Jun 2001, ExpLiciT wrote:

Greetings.
I am pen-testing IIS 5 [no hotfixes] running in WinNT 4.0 with no fixes.  At
this point I want to upload a file to the box [nc.exe] and then I will
definately have the box.  How can I go about doing this?

Thanks

--ExpLiciT
        'Firewalls are speed bumps not brick walls'



--------------------------------------------------------------------------------------

This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service

For more information on SecurityFocus' SIA service which automatically alerts you tothe latest security vulnerabilities please see:


https://alerts.securityfocus.com/

Current thread:

pen testing iis 5 ExpLiciT (Jun 21)
- Re: pen testing iis suntzu (Jun 24)
  - Re: pen testing iis Enrique A. Sanchez Montellano (Jun 27)
    - Re: pen testing iis Javier Fernandez-Sanguino Peña (Jun 28)
- Re: pen testing iis 5 Javier Fernandez-Sanguino Peña (Jun 27)
- <Possible follow-ups>
- Re: pen testing iis 5 Stephen Friedl (Jun 22)
- Re: pen testing iis 5 Reverend Lola (Jun 22)
- RE: pen testing iis 5 dilbert96 (Jun 24)
- RE: pen testing iis 5 st0ff st0ff (Jun 25)
  - Pen Testing a Oracle database. How to pull data? Osvaldo J . Filho (Jun 26)
    - RE: Pen Testing a Oracle database. How to pull data? Aaron C. Newman (Jun 26)
    - RE: Pen Testing a Oracle database. How to pull data? George Milliken (Jun 26)