Re: Re-opening an old thread: NetWare-Enterprise-Web-Server/5.1 --As sistence requested.

From: Jon DeShirley (jond@csds.uidaho.edu)
Date: 12/19/02

  • Next message: Kevin Spett: "Re: Re-opening an old thread: NetWare-Enterprise-Web-Server/5.1 --As sistence requested." 
    Date: Wed, 18 Dec 2002 16:01:10 -0800
From: Jon DeShirley <jond@csds.uidaho.edu>
To: Ralph Los <RLos@enteredge.com>

    > Hey - let me re-open a thread again, if you folks don't mind. I've found a
    > server at one of our pen-test clients with this NetWare HTTP/HTTPS server.

    > Attempt: http://address/perl/-v
    > Result: NetWare port Copyright 1998 Novell Corporation.
    > All rights reserved.

    What does perl -V tell you, if anything at all? If you're lucky, this
    will tell you if you've got libraries available to you with which you
    can have some fun with minimal code. Otherwise, you'll have to code a
    lot of the module functions into your URL.

    > Attempt: http://address/perl/-e%20print%20%22hello%20world%22;
    > Result: IE just hangs there "DONE"
    >
    > Attempt: http://address/perl/-e%20print%201;
    > Result: IE just hangs there "DONE"

    These will hang because your browser doesn't know what kind of content
    to display. Something like this should provide some output:

    http://address/perl/-e%22%20print%20%22Content-type:%20text%2fplain\n\nhello\n%22%22

    FYI, there's a Content-type database here:
    http://reliableanswers.com/ContentType/

    As for what to do, you could probably wire up a quick perl program to
    bind an unprivledged port to a rconsole or just use it to system() some
    commands.

    --jon

    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:
    https://alerts.securityfocus.com/

    Relevant Pages

    • RE: Re-opening an old thread: NetWare-Enterprise-Web-Server/5.1 - -As sistence requested.
      ... I remember finding this on a netware server that I was auditing. ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
      (Pen-Test)
    • Re: how many clients per server w/ nessus?
      ... We accidentally just had 9 concurrent scans running from various clients. ... The server is a Netra X1 running Solaris 2.8. ... >> This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
      (Pen-Test)
    • Re: faster scans? (nmap)
      ... one host using nmap for syn scans in burst mode with the ... >>>This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
      (Pen-Test)
    • Re: testing for IP address space leakage in NAT systems
      ... in 20 chance, if the server is IIS, that you will get ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
      (Pen-Test)
    • Re: pen test help please asap
      ... > Machine A on client site makes a configurable encrypted OUTBOUND ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... This list is provided by the SecurityFocus Security Intelligence Alert ...
      (Pen-Test)