i thought redirection ( the '>' and ">>" operators) only woked if you copied cmd.exe to a directory under WEBROOT. no? todd[1] On Sunday 22 July 2001 16:07, you wrote: > you can always just run commands like > > ipconfig /all > c:\intetpub\wwwroot\info.txt > -and- > dir c:\ /s >> c:\intetpub\wwwroot\info.txt > -and- > net view >> c:\intetpub\wwwroot\info.txt > > Have some fun and try diffrent things then point your browser at > http://server/ipinfo.txt > > -mdb > > > > ----Original Message Follows---- > From: "Ismael Valenzuela" <i.valenzuelaat_private> > To: "Penetration Testing (E-mail)" <PEN-TESTat_private> > Subject: NT information leakage > Date: Thu, 19 Jul 2001 09:53:55 +0200 > > Hello. I am conducting a pentest for company using IIS in its web > server. I've successfully exploited the MSDAC RDS bug, so I can > navigate through its hard disk using the command cmd.exe, but with > restricted rights. I can not get the sam._ file in \winnt\repair for > example. > > I would like someone to tell me which files in the NT box can show me > information about the servers in the same subnet, applications > installed, and any other important information. > > Is there any way to get admin rights through this bug i've exploited > ? > > There's also a CheckPoint FW-1 in front of the web server, but it > doesn't filter de port 80, obviously :) > > Thanks in advance. > > -----BEGIN PGP SIGNATURE----- > Version: PGP 7.0.1 > > iQA/AwUBO1aSEMqrlGPrxreCEQJrPQCgx38IvrGlCHB/9cUmzhwBE+JupRcAoOVB > R0Z0fS1Ku2FbeuySX+bdxngw > =ei6y > -----END PGP SIGNATURE----- > > > _________________________________________________________________ > Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp > > > --------------------------------------------------------------------------- >- This list is provided by the SecurityFocus Security Intelligence Alert > (SIA) Service. For more information on SecurityFocus' SIA service which > automatically alerts you to the latest security vulnerabilities please see: > https://alerts.securityfocus.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Sun Jul 22 2001 - 19:59:50 PDT