Hosting Provided By

Pen on IIS with webroot not on C

From: A. Caruso <acaruso(at)houston.rr.com>
Date: Wed Mar 12 2003 - 04:54:30 EST

I have been muking around with different file system traversal exploits for IIS and playing with some of the tools. Most of the tools depend on the default install of IIS with webroot on c:. I've moved webroot to d: on my toybox and haven't been able to jump back to c: to get a shell (cmd). Does anyone know of a mechanism to "jump" file systems. I haven't been able to find anything after RFP said (in his unicode paper) the syntax doesn't exist to do this. (I think that's where I saw it). eg
GET /scripts/../../../%systemroot%/cmd.exe (insert appropriate unicode)

Short of jumping file systems, what about uploading a shell to webroot through the .ida vuln? (I left those patches off for play).

Thanks.

-Tony

Are your vulnerability scans producing just another report? Manage the entire remediation process with StillSecure VAM's Vulnerability Repair Workflow.
Download a free 15-day trial:
http://www2.stillsecure.com/download/sf_vuln_list.html Received on Wed Mar 12 09:37:17 2003

This message: [ Message body ]
Next message: Ivan Arce: "Re: Penetration Testing or Vulnerability Scanning?"
Previous message: miguel.dilaj(at)pharma.novartis.com: "Re: A little Help with Pen Testing My systems!"
Next in thread: Javier Fernandez-Sanguino: "Re: Pen on IIS with webroot not on C"
Reply: Javier Fernandez-Sanguino: "Re: Pen on IIS with webroot not on C"
Reply: Nicolas Gregoire: "Re: Pen on IIS with webroot not on C"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:34 EDT