cmd.exe / root.exe question

From: karl_napp3@gmx.li
Date: 08/25/01

Previous message: Kevin Kaminski: "RE: MS IIS Lockdown tool"
Next in thread: Phaedrus: "Re: cmd.exe / root.exe question"
Reply: Phaedrus: "Re: cmd.exe / root.exe question"
Reply: Jon Zobrist: "Re: cmd.exe / root.exe question"
Reply: McCammon, Keith: "RE: cmd.exe / root.exe question"
Reply: Matt Andreko: "Re: cmd.exe / root.exe question"
Reply: karl_napp3@gmx.li: "RE[2]: cmd.exe / root.exe question"
Reply: NDR113: "RE[2]: cmd.exe / root.exe question"
Reply: Chris Eidem: "RE: cmd.exe / root.exe question"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sat, 25 Aug 2001 21:29:10 +0200 (MEST)
From: karl_napp3@gmx.li
To: focus-ms@securityfocus.com
Subject: cmd.exe / root.exe question
Message-ID: <2269.998767750@www33.gmx.net>

Where exactly is the risk a cmd.exe (under what name ever) is placed in a
scriptable directory? I've put cmd.exe into wwwroot under iis5 and gave
scripting to the file.
Now tried to remotely execute it. I didn't succeed to get a remoteshell. Via
IE5 I could exceute the file but got a local shell, only. Netcat with 'nc
<ip> 80 -v' and 'GET /cmd.exe HTTP/1.0\n' gave my soundchip a ride to hell when
interpreting all the beeps ;-)

If cmd were boud to any port and listening I'd see security implications.
But with only a file lying around?

-- Karl

-- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net

Previous message: Kevin Kaminski: "RE: MS IIS Lockdown tool"
Next in thread: Phaedrus: "Re: cmd.exe / root.exe question"
Reply: Phaedrus: "Re: cmd.exe / root.exe question"
Reply: Jon Zobrist: "Re: cmd.exe / root.exe question"
Reply: McCammon, Keith: "RE: cmd.exe / root.exe question"
Reply: Matt Andreko: "Re: cmd.exe / root.exe question"
Reply: karl_napp3@gmx.li: "RE[2]: cmd.exe / root.exe question"
Reply: NDR113: "RE[2]: cmd.exe / root.exe question"
Reply: Chris Eidem: "RE: cmd.exe / root.exe question"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]