Re: Is there any known "escape shell" techniques on a IIS/ASP server ?
From: Nicolas Gregoire (ngregoire_at_exaprobe.com)
Date: 02/02/05
- Previous message: Daniel Grzelak: "Exploiting C# Issues"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Frederic Charpentier <fcharpen@xmcopartners.com> Date: Wed, 02 Feb 2005 10:15:40 +0100
Le mardi 25 janvier 2005 à 17:50 +0100, Frederic Charpentier a écrit :
> If I'am allowed to upload ASP programs on a IIS server, am I able to
> escape IIS to send commands to the system ?
You may use CmdAsp.asp [1] ot NtDaddy.asp [2].
[1] : http://www.securiteam.com/tools/5AP020U35C.html
[2] : http://kakos-belas.netfirms.com/ntdaddy.asp
-- Nicolas Gregoire ----- Consultant en Sécurité des Systèmes d'Information ngregoire@exaprobe.com ------[ ExaProbe ]------ http://www.exaprobe.com/ PGP KeyID:CA61B44F FingerPrint:1CC647FF1A55664BA2D2AFDACA6A21DACA61B44F
- Previous message: Daniel Grzelak: "Exploiting C# Issues"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
