From: Kish Pent (kish_pent@yahoo.com)
Date: Sun Nov 25 2007 - 02:31:34 EST
Hi Danux,
It's a bit cheeky to know you never tried c99 php
backdoor, c99.php.
If you're not aware of it, look into this paper
http://www.milw0rm.com/papers/111
Cheers :)
Kish
--- Danux <danuxx@gmail.com> wrote:
> Hi experts, i need your ideas,
>
> By now, i am able to upload php files to a Windows
> 2003 Server, so i
> can execute php code like phpinfo, but i cant
> execute passthru command
> because of lack of IUSR_MACHINE privileges.
> I have run some local php bof's without success.
>
> Do you have another idea to break into the server
> through php code uploaded?
>
> Cheers!!!!!
>
> --
> Danux, CISSP
> Chief Information Security Officer
> Macula Security Consulting Group
> www.macula-group.com
>
-- Kishore, Penetration Tester, 17/1,Upstairs,Sarojini St, Smart Security, T.Nagar, Chennai - 600 017 Phone: 91 98841 80767 ____________________________________________________________________________________ Get easy, one-click access to your favorites. Make Yahoo! your homepage. http://www.yahoo.com/r/hs ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:13 EDT