RE: HTTP PUT exploitation

From: Olasupo Lawal (lawalat_private)
Date: Sat Sep 29 2001 - 10:43:55 PDT


    There are a number of things you can do. You can upload cmdasp.asp to any
    folder within the web root which you can pretty much reach through your
    browser. One very good folder that I normally use is the images folder.
    Cmdasp.asp will give you command line access to the web server using your
    browser, giving you the ability to execute commands. The advantage of this
    is that if the web server is behind a firewall, then port 80 may most likely
    be the only port allowed through to the web server through the firewall. In
    this scenario, the firewall cannot protect the mis-configured web server.
    However if the web server is not behind a firewall, you may consider loading
    a small telnet server like icmd.exe onto the web server, but then you will
    still need to start the telnet server on a chosen port, giving you normal
    telnet access to the server. icmd.exe enables you to put a password, but it
    may not be advisable to run it for too long as it supports multiple sessions
    and another attacker may get command line access to the server if they can
    crack the password, meaning in the process of testing the web server, the
    web server may be hacked. There may be legal implications so you may want to
    exercise some caution in using a tool like icmd.exe. Hope this information
    helps.
    
    regards
    Ola
    
    -----Original Message-----
    From: Tim Russo [mailto:trussoat_private]
    Sent: Friday, September 28, 2001 2:03 PM
    To: pen-testat_private
    Subject: HTTP PUT exploitation
    
    
    Quick question. I have a client who has a misconfigured IIS server (that's
    new) which allows anyone to do HTTP PUT commands and place files on the www
    server. Is exploiting this as simple as "putting" something like netcat in
    the cgi-bin directory and running it with the port listen options? What if
    you cannot place files in the cgi-bin directory? How can I use PUT to get a
    shell on this system? I know this is a basic question but this is the first
    time I found someone has actually done this.
    
    -Tim
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:
    https://alerts.securityfocus.com/
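
For whoever has to defend the server discussed in this thread, the misconfiguration is visible in the IIS W3C extended log: accepted PUT requests, and later requests for a file that was written that way. The following is an added example, not code from the thread; the log lines are constructed, and the extension list beyond `.asp` and `.exe` is an assumption.

```python
import os

# .asp and .exe are the file types named in the thread; the other
# extensions are an assumption about what this server might execute.
RISKY_EXT = {".asp", ".asa", ".cer", ".aspx", ".exe", ".dll", ".bat", ".cmd"}
WRITE_OK = {"200", "201", "204"}  # statuses meaning the PUT was accepted

def parse_w3c(lines):
    """Yield one dict per request, named by the log's own #Fields header."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, parts))

def find_put_uploads(lines):
    """Return (severity, rule, uri, client_ip) tuples in log order."""
    uploaded = {}  # lower-cased URI -> client IP that wrote it
    findings = []
    for r in parse_w3c(lines):
        uri = r.get("cs-uri-stem", "").lower()
        method = r.get("cs-method", "").upper()
        status, ip = r.get("sc-status", ""), r.get("c-ip")
        risky = os.path.splitext(uri)[1] in RISKY_EXT
        if method == "PUT" and status in WRITE_OK:
            uploaded[uri] = ip
            findings.append(("high" if risky else "medium", "put-accepted", uri, ip))
        elif method in ("GET", "POST") and status == "200" and risky and uri in uploaded:
            # A file written via PUT is now being requested through the server.
            findings.append(("critical", "uploaded-file-requested", uri, ip))
    return findings

# Constructed sample log; addresses are from documentation ranges.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2001-09-28 18:01:10 192.0.2.10 GET /default.asp 200
2001-09-28 18:02:31 198.51.100.7 PUT /images/test.txt 201
2001-09-28 18:03:02 198.51.100.7 PUT /images/cmdasp.asp 201
2001-09-28 18:03:40 198.51.100.7 GET /images/cmdasp.asp 200
2001-09-28 18:04:05 192.0.2.10 PUT /images/logo.gif 403
"""

if __name__ == "__main__":
    print(*find_put_uploads(SAMPLE_LOG.splitlines()), sep="\n")
```

Any `put-accepted` finding from an unauthenticated client means write access is still enabled on that directory, whatever the file type.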
    
    
    
    



    This archive was generated by hypermail 2b30 : Sun Sep 30 2001 - 12:58:29 PDT