you can always just run commands like ipconfig /all > c:\intetpub\wwwroot\info.txt -and- dir c:\ /s >> c:\intetpub\wwwroot\info.txt -and- net view >> c:\intetpub\wwwroot\info.txt Have some fun and try diffrent things then point your browser at http://server/ipinfo.txt -mdb ----Original Message Follows---- From: "Ismael Valenzuela" <i.valenzuelaat_private> To: "Penetration Testing (E-mail)" <PEN-TESTat_private> Subject: NT information leakage Date: Thu, 19 Jul 2001 09:53:55 +0200 Hello. I am conducting a pentest for company using IIS in its web server. I've successfully exploited the MSDAC RDS bug, so I can navigate through its hard disk using the command cmd.exe, but with restricted rights. I can not get the sam._ file in \winnt\repair for example. I would like someone to tell me which files in the NT box can show me information about the servers in the same subnet, applications installed, and any other important information. Is there any way to get admin rights through this bug i've exploited ? There's also a CheckPoint FW-1 in front of the web server, but it doesn't filter de port 80, obviously :) Thanks in advance. -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.1 iQA/AwUBO1aSEMqrlGPrxreCEQJrPQCgx38IvrGlCHB/9cUmzhwBE+JupRcAoOVB R0Z0fS1Ku2FbeuySX+bdxngw =ei6y -----END PGP SIGNATURE----- _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Sun Jul 22 2001 - 14:00:39 PDT