Re: remote shell on windows 2000 server.
From: brad Causey (bradcauseygmail.com)
Date: Thu Aug 03 2006 - 22:07:05 CDT
Have you been able to validate that the NC.exe proc is listening? You
could insert a "netstat -a" into a table via the xp_cmd or maybe the
results of "wmic PROCESS list" (you may have to run wmic once to enable
the WMI CLI).
Mike Klingler wrote:
> I am working on a pen test and have had a lot of success working
> with sql injection to get to the database. I moved on to try to
> obtain shell access. I have been able to upload netcat.exe via tftp.
> However I haven't been able to get the system to connect to my landing
> point with netcat either outbound reverse or inbound standard. Even
> when using UDP port 69 (The same port that the tftp transaction
> occurs) I was able to get a connection from the test system with the
> same parameters. I can execute command line parameters via the
> master..xp_cmdshell sql command and get feedback from the execution
> of the command via bulk inserts into create tables, but I haven't been
> able to get the remote shell. The user account appears to be limited
> since I don't have access to the windows folders. Does anyone have
> any advice for me that would allow me to obtain remote shell? I would
> love to use this system as a launching pad for others on the LAN.