All, I have a demonstration seminar coming up shortly and have run into some problems with getting a Trojan (backdoor, rat) to run after I exploit WebDAV on a W2k IIS 5.0 sp3 system. The webDAV exploit works fine and I get a remote command prompt. I then tftp the Trojan up to the IIS system and execute it. It seems I may not have sufficient permission to run the Trojan and have it open a listening port. The Trojan will execute and show in the task manager, but the port will not open. If I execute the Trojan locally it opens the port fine. This works the same with y3k and beast Trojans. Any ideas? Do I need to escalate privilege first? If so, any recommendations on what to use. Thanks!! Brian Serra - CISSP Senior Technical Security Consultant Vulnerability Assessment and Penetration Testing 847-763-2304 Direct 630-926-4055 Mobile bserraat_private Forsythe Solutions 7440 North Long Avenue, Skokie, IL 60077 Building cost-effective IT infrastructure that organizations trust. --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the world's premier event for IT and network security experts. The two-day Training features 6 hand-on courses on May 12-13 taught by professionals. The two-day Briefings on May 14-15 features 24 top speakers with no vendor sales pitches. Deadline for the best rates is April 25. Register today to ensure your place. http://www.securityfocus.com/BlackHat-pen-test ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Thu Apr 24 2003 - 09:58:41 PDT