cmdasp.asp & unicode

From: Mike Ahern (mc_ahernat_private)
Date: Thu Aug 16 2001 - 08:55:58 PDT

  • Next message: Adams, Mark: "Wireless Recon with NetStumbler"

    Q.) ...Why cant i delete the files i have uploaded to
    c:\inetpub\scripts? The user SIVAC should be
    allowed... if i can write in the directory i should be
    allowed to delete too...
    A.) Based on what I have had to do in the past...
    Chances are either you need to run the attrib command
    from the command line prior to trying to delete the
    attrib -r -h -s <filename>
    or the file is in use:
    for example, netcat has a connection open and so you
    can't delete it while it is in use.
    You should be able to use the unicode strings from a
    browser directly to accomplish what you want to do
    (i.e. delete certain files), or from a remote shell:
    My advice, forget using cmdasp at this point. It's
    just a quick and simple way to get things going, not
    some place you should stay during all your pentest
    efforts. Hopefully you have been able to get a remote
    shell via netcat, or via similar software. It's alot
    cleaner and nicer to work interactively from the shell
    than from using a browser or script to execute
    commands once you get that far. Tho for quick and
    dirty things, and if it serves your purposes, who
    cares?? Use what works for you!
     - Mike
    Do You Yahoo!?
    Make international calls for as low as $.04/minute with Yahoo! Messenger
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:

    This archive was generated by hypermail 2b30 : Thu Aug 16 2001 - 09:19:39 PDT