Oliver.Karowat_private writes: > Hi, > > maybe the problem is that you started NC in the LogonSession of the SYSTEM > Account, which is in most cases the Account in which the IIS prozess is > running. (This depends on the exploit you are using ;) > The system account has nor permissions outside of the local system. Which > means you can't use some of the NET-Commands. Yes, I've now learned that. Getting the SAM and assuming we can find a password, we tried to use su.exe to mount a share as that user (administrator). But again, (after playing with ntrights), this didn't fully succeed. The drive appears in the explorer as mapped, but nobody seems to be able to access it. Adding the IUSR to the admin-group didn't help either. Are there any obvious pitfalls we missed ? Or is this not feasable at all ? cheers, Rainer -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Rainer Duffner Munich rainer@ultra-secure.de Germany http://www.i-duffner.de Freising ======================================== When shall we three meet again In thunder, lightning, or in rain? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Mon Sep 17 2001 - 11:11:53 PDT