Re: escalating IUSR to admin rights via unicode and iis4

From: Jeanette LaRosa (bluehondaat_private)
Date: Thu Jul 11 2002 - 14:46:50 PDT

    In-Reply-To: <200207091718.g69HIFI92011at_private>
    
    Upload the cmdasp script from Maceo to the victim 
    server. It will give you a form interface to submit 
    commands that will run as SYSTEM on IIS4. You used to 
    be able to download it from 
    http://www.dogmile.com/files, but this site seems to 
    have disappeared. (Anyone know if Maceo has a new 
    site?)
    You should be able to cut and paste the code from 
    here:
    http://www.securiteam.com/tools/CmdAsp_asp_checks_your_last_line_of_defense.html
    
    JL
    
    


