Re: NT information leakage

From: todd (todd@ubermother.net)
Date: 07/23/01


From: todd <todd@ubermother.net>
To: pen-test@securityfocus.com
Subject: Re: NT information leakage
Date: Sun, 22 Jul 2001 21:04:19 -0400
Message-Id: <01072221041900.13749@ubermother.net>

i thought redirection ( the '>' and ">>" operators) only woked if you copied
cmd.exe to a directory under WEBROOT. no?

todd[1]

On Sunday 22 July 2001 16:07, you wrote:
> you can always just run commands like
>
> ipconfig /all > c:\intetpub\wwwroot\info.txt
> -and-
> dir c:\ /s >> c:\intetpub\wwwroot\info.txt
> -and-
> net view >> c:\intetpub\wwwroot\info.txt
>
> Have some fun and try diffrent things then point your browser at
> http://server/ipinfo.txt
>
> -mdb
>
>
>
> ----Original Message Follows----
> From: "Ismael Valenzuela" <i.valenzuela@topfutbol.com>
> To: "Penetration Testing (E-mail)" <PEN-TEST@securityfocus.com>
> Subject: NT information leakage
> Date: Thu, 19 Jul 2001 09:53:55 +0200
>
> Hello. I am conducting a pentest for company using IIS in its web
> server. I've successfully exploited the MSDAC RDS bug, so I can
> navigate through its hard disk using the command cmd.exe, but with
> restricted rights. I can not get the sam._ file in \winnt\repair for
> example.
>
> I would like someone to tell me which files in the NT box can show me
> information about the servers in the same subnet, applications
> installed, and any other important information.
>
> Is there any way to get admin rights through this bug i've exploited
> ?
>
> There's also a CheckPoint FW-1 in front of the web server, but it
> doesn't filter de port 80, obviously :)
>
> Thanks in advance.
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 7.0.1
>
> iQA/AwUBO1aSEMqrlGPrxreCEQJrPQCgx38IvrGlCHB/9cUmzhwBE+JupRcAoOVB
> R0Z0fS1Ku2FbeuySX+bdxngw
> =ei6y
> -----END PGP SIGNATURE-----
>
>
> _________________________________________________________________
> Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
>
>
> ---------------------------------------------------------------------------
>- This list is provided by the SecurityFocus Security Intelligence Alert
> (SIA) Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/