Re: cmd.exe / root.exe question
From: Matt Andreko (mandreko@ori.net)Date: 08/27/01
- Previous message: Jeremy Rodriguez: "apache on NT"
- In reply to: karl_napp3@gmx.li: "cmd.exe / root.exe question"
- Next in thread: karl_napp3@gmx.li: "RE[2]: cmd.exe / root.exe question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <004101c12f13$24672c70$2101a8c0@mandreko> From: "Matt Andreko" <mandreko@ori.net> To: <karl_napp3@gmx.li>, <focus-ms@securityfocus.com> Subject: Re: cmd.exe / root.exe question Date: Mon, 27 Aug 2001 11:12:59 -0500
You may have to have the folder as "Executable" instead of "Scriptable". I
know that when i wanted to run some .exe cgi scripts (bad me...) i had to
make it executable or the files wouldn't execute
----- Original Message -----
From: <karl_napp3@gmx.li>
To: <focus-ms@securityfocus.com>
Sent: Saturday, August 25, 2001 2:29 PM
Subject: cmd.exe / root.exe question
> Where exactly is the risk a cmd.exe (under what name ever) is placed in a
> scriptable directory? I've put cmd.exe into wwwroot under iis5 and gave
> scripting to the file.
> Now tried to remotely execute it. I didn't succeed to get a remoteshell.
Via
> IE5 I could exceute the file but got a local shell, only. Netcat with 'nc
> <ip> 80 -v' and 'GET /cmd.exe HTTP/1.0\n' gave my soundchip a ride to hell
when
> interpreting all the beeps ;-)
>
> If cmd were boud to any port and listening I'd see security implications.
> But with only a file lying around?
>
>
> --
> Karl
>
> --
> GMX - Die Kommunikationsplattform im Internet.
> http://www.gmx.net
>
>
>
- Previous message: Jeremy Rodriguez: "apache on NT"
- In reply to: karl_napp3@gmx.li: "cmd.exe / root.exe question"
- Next in thread: karl_napp3@gmx.li: "RE[2]: cmd.exe / root.exe question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
