Re: NT information leakage

From: todd (todd@ubermother.net)
Date: 07/23/01


From: todd <todd@ubermother.net>
To: pen-test@securityfocus.com
Subject: Re: NT information leakage
Date: Sun, 22 Jul 2001 21:04:19 -0400
Message-Id: <01072221041900.13749@ubermother.net>

I thought redirection (the '>' and ">>" operators) only worked if you copied
cmd.exe to a directory under WEBROOT. No?

todd

On Sunday 22 July 2001 16:07, you wrote:
> you can always just run commands like
>
> ipconfig /all > c:\inetpub\wwwroot\info.txt
> -and-
> dir c:\ /s >> c:\inetpub\wwwroot\info.txt
> -and-
> net view >> c:\inetpub\wwwroot\info.txt
>
> Have some fun and try different things then point your browser at
> http://server/ipinfo.txt
>
> -mdb
>
>
>
> ----Original Message Follows----
> From: "Ismael Valenzuela" <i.valenzuela@topfutbol.com>
> To: "Penetration Testing (E-mail)" <PEN-TEST@securityfocus.com>
> Subject: NT information leakage
> Date: Thu, 19 Jul 2001 09:53:55 +0200
>
> Hello. I am conducting a pentest for a company using IIS in its web
> server. I've successfully exploited the MSDAC RDS bug, so I can
> navigate through its hard disk using the command cmd.exe, but with
> restricted rights. I cannot get the sam._ file in \winnt\repair, for
> example.
>
> I would like someone to tell me which files in the NT box can show me
> information about the servers in the same subnet, applications
> installed, and any other important information.
>
> Is there any way to get admin rights through this bug I've exploited?
>
> There's also a CheckPoint FW-1 in front of the web server, but it
> doesn't filter port 80, obviously :)
>
> Thanks in advance.
>
> ---------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert
> (SIA) Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/
