From: Brian Serra (brianserra@earthlink.net)
Date: Wed Apr 23 2003 - 23:04:18 EDT
All,
I have a demonstration seminar coming up shortly and have run into some
problems with getting a Trojan (backdoor, rat) to run after I exploit WebDAV
on a W2k IIS 5.0 sp3 system. The webDAV exploit works fine and I get a
remote command prompt. I then tftp the Trojan up to the IIS system and
execute it. It seems I may not have sufficient permission to run the Trojan
and have it open a listening port. The Trojan will execute and show in the
task manager, but the port will not open. If I execute the Trojan locally it
opens the port fine. This works the same with y3k and beast Trojans.
Any ideas? Do I need to escalate privilege first? If so, any recommendations
on what to use.
Thanks!!
Brian Serra - CISSP
Senior Technical Security Consultant
Vulnerability Assessment and Penetration Testing
847-763-2304 Direct
630-926-4055 Mobile
bserra@forsythesolutions.com
Forsythe Solutions
7440 North Long Avenue, Skokie, IL 60077
Building cost-effective IT infrastructure that organizations trust.
---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the
world's premier event for IT and network security experts. The two-day
Training features 6 hand-on courses on May 12-13 taught by professionals.
The two-day Briefings on May 14-15 features 24 top speakers with no vendor
sales pitches. Deadline for the best rates is April 25. Register today to
ensure your place. http://www.securityfocus.com/BlackHat-pen-test
----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:32 EDT