Re: NT information leakage

From: todd (toddat_private)
Date: Sun Jul 22 2001 - 18:04:19 PDT


    I thought redirection (the '>' and ">>" operators) only worked if you copied
    cmd.exe to a directory under WEBROOT. no?
    
    todd
    
    On Sunday 22 July 2001 16:07, you wrote:
    > you can always just run commands like
    >
    > ipconfig /all > c:\intetpub\wwwroot\info.txt
    > -and-
    > dir c:\ /s >> c:\intetpub\wwwroot\info.txt
    > -and-
    > net view >> c:\intetpub\wwwroot\info.txt
    >
    > Have some fun and try different things then point your browser at
    > http://server/ipinfo.txt
    >
    > -mdb
    >
    >
    >
    > ----Original Message Follows----
    > From: "Ismael Valenzuela" <i.valenzuelaat_private>
    > To: "Penetration Testing (E-mail)" <PEN-TESTat_private>
    > Subject: NT information leakage
    > Date: Thu, 19 Jul 2001 09:53:55 +0200
    >
    > Hello. I am conducting a pentest for a company using IIS in its web
    > server. I've successfully exploited the MSDAC RDS bug, so I can
    > navigate through its hard disk using the command cmd.exe, but with
    > restricted rights. I can not get the sam._ file in \winnt\repair for
    > example.
    >
    > I would like someone to tell me which files in the NT box can show me
    > information about the servers in the same subnet, applications
    > installed, and any other important information.
    >
    > Is there any way to get admin rights through this bug I've exploited
    > ?
    >
    > There's also a CheckPoint FW-1 in front of the web server, but it
    > doesn't filter port 80, obviously :)
    >
    > Thanks in advance.
    >
    > ----------------------------------------------------------------------------
    > This list is provided by the SecurityFocus Security Intelligence Alert
    > (SIA) Service. For more information on SecurityFocus' SIA service which
    > automatically alerts you to the latest security vulnerabilities please see:
    > https://alerts.securityfocus.com/
    
    
    



    This archive was generated by hypermail 2b30 : Sun Jul 22 2001 - 19:59:50 PDT