Re: Is there any known "escape shell" techniques on a IIS/ASP server ?

From: Nicolas Gregoire (ngregoire@exaprobe.com)
Date: Wed Feb 02 2005 - 04:15:40 EST

• Next message: William Allsopp: "Re: Google getting smarter ?!?!"
• Previous message: Daniel Grzelak: "Exploiting C# Issues"
• In reply to: Frederic Charpentier: "Is there any known "escape shell" techniques on a IIS/ASP server ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Le mardi 25 janvier 2005 à 17:50 +0100, Frederic Charpentier a écrit :

> If I'am allowed to upload ASP programs on a IIS server, am I able to
> escape IIS to send commands to the system ?

You may use CmdAsp.asp [1] ot NtDaddy.asp [2].

[1] : http://www.securiteam.com/tools/5AP020U35C.html
[2] : http://kakos-belas.netfirms.com/ntdaddy.asp

-- 
Nicolas Gregoire ----- Consultant en Sécurité des Systèmes d'Information
ngregoire@exaprobe.com ------[ ExaProbe ]------ http://www.exaprobe.com/
PGP KeyID:CA61B44F  FingerPrint:1CC647FF1A55664BA2D2AFDACA6A21DACA61B44F

• Next message: William Allsopp: "Re: Google getting smarter ?!?!"
• Previous message: Daniel Grzelak: "Exploiting C# Issues"
• In reply to: Frederic Charpentier: "Is there any known "escape shell" techniques on a IIS/ASP server ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:15 EDT