Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Penetration Testing: Re: IIS & w2k

Re: IIS & w2k

From: Tom Fischer <Tom.Fischer_at_rus.uni-stuttgart.de>
Date: Mon, 4 Jun 2001 21:54:56 +0200

Hi,

On Mon, Jun 04, 2001 at 09:49:05AM -0500, Luis Javier Perez wrote:
> I'm actually doing a pt, and i'm facing a trouble, the scenario has a web
> server with w2k and iis 5.0, now i have put netcat listening on port 99 and
> i can browse files and stuff like that but i need to scale privileges, i
> tried hk but it fails.. is there something like hk for win2k???
elevation of previleges on Windows 2000:
- MS00-053 (Service Control Manager Named Pipe Impersonation)
  exploitcode (adds the current user to the local administrator group)
  is available (pipeupadmin)
- MS01-007 (Network DDE Agent Request ...)
  proof of concept code available (http://www.atstake.com)
- Gunsiki #45 (Elevation of privileges with debug registers on Win2K)
  proof of concept code (http://www.guninski.com/dr07.html)
...

ciao,
Tom Fischer
Received on Jun 05 2001

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos