Re: remote shell on windows 2000 server.

From: brad Causey (bradcausey@gmail.com)
Date: Thu Aug 03 2006 - 23:07:05 EDT


Mike,

Have you been able to validate that the NC.exe proc is listening? You
could insert a "netstat -a" into a table via the xp_cmd or maybe the
results of "wmic PROCESS list" (you may have to run wmic once to enable
the WMI CLI).

-Brad

Mike Klingler wrote:
> Guys,
> I am working on a pen test and have had a lot of success working
> with sql injection to get to the database. I moved on to try to
> obtain shell access. I have been able to upload netcat.exe via tftp.
> However I haven't been able to get the system to connect to my landing
> point with netcat either outbound reverse or inbound standard. Even
> when using UDP port 69 (The same port that the tftp transaction
> occurs) I was able to get a connection from the test system with the
> same parameters. I can execute command line parameters via the
> master..xp_cmdshell sql command and get feedback from the execution
> of the command via bulk inserts into create tables, but I haven't been
> able to get the remote shell. The user account appears to be limited
> since I don't have access to the windows folders. Does anyone have
> any advice for me that would allow me to obtain remote shell? I would
> love to use this system as a launching pad for others on the LAN.
> Thanks
>




