Vulnerability Development mailing list archives
Re: dos commands via iis 4
From: booboo <booboo () 65535 COM>
Date: Tue, 14 Nov 2000 14:11:52 +0000
I was assuming that the firewall would be configured not to allow tftp out. I have also found that you can copy cmd.exe to the msadc directory which works well too. copying cmd.exe to here worked for redirects but getting certain chars into the file is a problem.. particularly the '=' sign. having perl.exe from the ntreskit on the box is also quite handy but still can't get the '=' sign in. Still trying.. will let you guys know. Cheers, BooBoo. On Thu, 9 Nov 2000, Robert A. Seace wrote:
In the profound words of booboo:Dear Guys, I have been playing around with the latest iis unicode bug using the ..%c0%af.. strings and have had some success. I have been able to get directory listings of all the drives, lists of users and shares and steal files etc.. However, I have not been able to create files. I have been trying to use 'type'with re-directs but it does not seem to like the re-direct symbols. I have tried in quotation marks and using hex but no luck. Does anyone know how to do it.. or has an alternative..I've seen it mentioned elsewhere, that in order to do redirects, you must first copy "cmd.exe" elsewhere (eg: "/scripts"), then execute that copy, and THAT one will allow redirects... I don't understand the reasoning behind why that's necessary, or why it works, nor have I tried it myself, but I've seen it mentioned multiple times... However, a much simpler solution for uploading files is to just run "tftp.exe" or "rcp.exe" (or, various other such commands) to transfer a file from some machine you control... -- ||========================================================================|| || Rob Seace || URL || ras () magrathea com || || AKA: Agrajag || http://www.magrathea.com/~ras/ || rob () wordstock com || ||========================================================================|| "Go bang your heads together, four-eyes." - TRATEOTU
Current thread:
- dos commands via iis 4 booboo (Nov 10)
- Re: dos commands via iis 4 [ K o S a K ] (Nov 10)
- Re: dos commands via iis 4 RayW, CISSP (Nov 11)
- Re: dos commands via iis 4 Nikolaou, Dinos (Nov 11)
- Re: dos commands via iis 4 Bluefish (P.Magnusson) (Nov 23)
- Re: dos commands via iis 4 RayW, CISSP (Nov 11)
- Re: dos commands via iis 4 Robert A. Seace (Nov 11)
- Re: dos commands via iis 4 booboo (Nov 15)
- <Possible follow-ups>
- Re: dos commands via iis 4 Unicraft Systems (Nov 11)
- Re: dos commands via iis 4 [ K o S a K ] (Nov 10)