Demo of WebDAV exploit with Trojan installation

From: Brian Serra <brianserra(at)earthlink.net>
Date: Wed Apr 23 2003 - 23:04:18 EDT

All,
I have a demonstration seminar coming up shortly and have run into some problems with getting a Trojan (backdoor, rat) to run after I exploit WebDAV on a W2k IIS 5.0 sp3 system. The webDAV exploit works fine and I get a remote command prompt. I then tftp the Trojan up to the IIS system and execute it. It seems I may not have sufficient permission to run the Trojan and have it open a listening port. The Trojan will execute and show in the task manager, but the port will not open. If I execute the Trojan locally it opens the port fine. This works the same with y3k and beast Trojans.

Any ideas? Do I need to escalate privilege first? If so, any recommendations on what to use.

Thanks!!

Brian Serra - CISSP
Senior Technical Security Consultant
Vulnerability Assessment and Penetration Testing 847-763-2304 Direct
630-926-4055 Mobile
bserra@forsythesolutions.com

Forsythe Solutions
7440 North Long Avenue, Skokie, IL 60077

Building cost-effective IT infrastructure that organizations trust.

---

Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the world's premier event for IT and network security experts. The two-day Training features 6 hand-on courses on May 12-13 taught by professionals. The two-day Briefings on May 14-15 features 24 top speakers with no vendor sales pitches. Deadline for the best rates is April 25. Register today to ensure your place. http://www.securityfocus.com/BlackHat-pen-test

---

Received on Thu Apr 24 12:59:05 2003