From: Kish Pent (kish_pent@yahoo.com)
Date: Sun Nov 25 2007 - 02:31:34 EST
Hi Danux,
It's a bit cheeky to know you never tried c99 php
backdoor, c99.php.
If you're not aware of it, look into this paper
http://www.milw0rm.com/papers/111
Cheers :)
Kish
--- Danux <danuxx@gmail.com> wrote:
> Hi experts, i need your ideas,
>
> By now, i am able to upload php files to a Windows
> 2003 Server, so i
> can execute php code like phpinfo, but i cant
> execute passthru command
> because of lack of IUSR_MACHINE privileges.
> I have run some local php bof's without success.
>
> Do you have another idea to break into the server
> through php code uploaded?
>
> Cheers!!!!!
>
> --
> Danux, CISSP
> Chief Information Security Officer
> Macula Security Consulting Group
> www.macula-group.com
>
--
Kishore, Penetration Tester,
17/1,Upstairs,Sarojini St,
Smart Security, T.Nagar,
Chennai - 600 017
Phone: 91 98841 80767
____________________________________________________________________________________
Get easy, one-click access to your favorites.
Make Yahoo! your homepage.
http://www.yahoo.com/r/hs
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:13 EDT