Vulnerability Development mailing list archives

Re: dos commands via iis 4

From: booboo <booboo () 65535 COM>
Date: Tue, 14 Nov 2000 14:11:52 +0000

I was assuming that the firewall would be configured not to allow tftp
out. I have also found that you can copy cmd.exe to the msadc directory
which works well too. copying cmd.exe to here worked for redirects but
getting certain chars into the file is a problem.. particularly the '='
sign. having perl.exe from the ntreskit on the box is also quite handy but
still can't get the '=' sign in. Still trying.. will let you guys know.

Cheers, BooBoo.

On Thu, 9 Nov 2000, Robert A. Seace wrote:

In the profound words of booboo:


Dear Guys,
    I have been playing around with the latest iis unicode bug using
the ..%c0%af.. strings and have had some success. I have been able to get
directory listings of all the drives, lists of users and shares and steal
files etc.. However, I have not been able to create files. I have been
trying to use 'type'with re-directs but it does not seem to like the
re-direct symbols. I have tried in quotation marks and using hex but no
luck. Does anyone know how to do it.. or has an alternative..


      I've seen it mentioned elsewhere, that in order to do
redirects, you must first copy "cmd.exe" elsewhere (eg: "/scripts"),
then execute that copy, and THAT one will allow redirects...
I don't understand the reasoning behind why that's necessary,
or why it works, nor have I tried it myself, but I've seen it
mentioned multiple times...

      However, a much simpler solution for uploading files is
to just run "tftp.exe" or "rcp.exe" (or, various other such
commands) to transfer a file from some machine you control...

--
||========================================================================||
||    Rob Seace    ||               URL              || ras () magrathea com ||
||  AKA: Agrajag   || http://www.magrathea.com/~ras/ || rob () wordstock com ||
||========================================================================||
"Go bang your heads together, four-eyes." - TRATEOTU

Current thread:

dos commands via iis 4 booboo (Nov 10)
- Re: dos commands via iis 4 [ K o S a K ] (Nov 10)
  - Re: dos commands via iis 4 RayW, CISSP (Nov 11)
    - Re: dos commands via iis 4 Nikolaou, Dinos (Nov 11)
    - Re: dos commands via iis 4 Bluefish (P.Magnusson) (Nov 23)
- Re: dos commands via iis 4 Robert A. Seace (Nov 11)
  - Re: dos commands via iis 4 booboo (Nov 15)
- <Possible follow-ups>
- Re: dos commands via iis 4 Unicraft Systems (Nov 11)