From: nobody (pentester@yahoo.com)
Date: Thu Jul 18 2002 - 13:29:22 EDT
Help,
I am aware of all that the xp_cmdshell can do once you
have it and it runs with the authority/context that
you need.
While dumpster diving for .bat, .sql, .log, .iss ,
.cmd or .bak files
I sometimes want to see the contents of the file with
a quick NT DOS command:
xp_cmdshell "type c:\program files\esm\agent.iss"
The NT TYPE command works if I enclose the whole
drive:\path with double quotes - the space in between
the program files is the problem
I cannot figure out the syntax for adding double
quotes around this - inside the above xp_cmdshell
command.
I have searched the web and found good sql references
- but have not found out how to get those "" inside
the xp_cmdshell.
anyone ?
sending the file via TFTP is not always allowed or
advisable - since most IDS can be easily setup to see
all tftp get/puts - also - I am aware of the other
ways to get the file - sharing out the drive etc..
__________________________________________________
Do You Yahoo!?
Yahoo! Autos - Get free new car price quotes
http://autos.yahoo.com
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:23 EDT