Penetration Testing mailing list archives
Re: clue on shell
From: NeZa <danuxx () gmail com>
Date: Thu, 8 Jan 2009 00:24:53 -0600
Hi,

Taking into consideration that you already know how to upload files! I mean through tftp or a php program and so on. In my experience, what I did in the past was to upload a new copy of the cmd.exe file to the server (taking care of the same W2K3 version and Service Pack so that it can get executed) in a writable directory, and obviously the owner of this file is IUSR_Machine, so you can execute it; then upload a Windows netcat version, then execute a reverse shell with netcat through my cmd.exe binary file and get a remote shell!

Maybe your reverse shell might need to do a port 80 connection to the outside so that you do not get filtered by the firewall!

My two cents!

On Tue, Jan 6, 2009 at 6:13 PM, Joshua Gimer <jgimer () gmail com> wrote:
On Mon, Jan 5, 2009 at 11:59 AM, Ricardo Mourato <ricardomcm () gmail com> wrote:
> I've got a shell, but it is very limited. I'm trying to upload some programs, in order to get a better shell and get admin rights.

You could also start the telnet service:

sc start TlntSvr

or

net start TlntSvr

Just be careful when performing your tests that you do not weaken the security posture of the system too much; the point is to determine high risk areas, not create them.

--
Thx
Joshua Gimer
-- Daniel Regalado aka NeZa Hacker Wanna Be from Nezahualcoyotl www.macula-group.com
Current thread:
- clue on shell Ricardo Mourato (Jan 05)
- Re: clue on shell Robin Wood (Jan 06)
- Re: clue on shell ArcSighter Elite (Jan 06)
- Re: clue on shell Ricardo Mourato (Jan 06)
- Re: clue on shell Robin Wood (Jan 06)
- Re: clue on shell Christophe Kiciak (Jan 06)
- Re: clue on shell rajat swarup (Jan 06)
- Re: clue on shell Joshua Gimer (Jan 07)
- Re: clue on shell ArcSighter Elite (Jan 08)
- Re: clue on shell NeZa (Jan 08)
- Message not available
- Re: clue on shell Anthony Cicalla (Jan 09)
- Re: clue on shell Robin Wood (Jan 06)
- Re: clue on shell Anthony Cicalla (Jan 09)