We're sorry, but this discussion has just been closed to further replies.

Execute files on Windows systems with only read and write access

I recently tested a windows system which showed a vulnerability in the Trend Micro ServerProtect Service which enables me to UPLOAD and DOWNLOAD files to the server. (Win 2003)

Now I try to figure out how to use this wisely.

1.
I tried the Autoexec.bat, but I does not check it anymore while starting. I would need to add a Registry Key
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]"ParseAutoexec"="1"

2.
So I thought about Tasks and adding a task to the systems task list. But I am not sure if it would work due to the username and password which is required to execute a task.

3.
I tried to retrieve the C:\WINDOWS\repair\sam but it turns out that there is none.

Has anybody had this problem before?
What would you try to do?

Share

▶ Reply to This

Replies to This Discussion

Permalink Reply by Anarchy Angel on February 20, 2009 at 9:53pm: did you test the vulnerability out and verified it really is open and not just a false positive from trendmicro?; ▶ Reply to This

Permalink Reply by V on February 20, 2009 at 10:52pm: Yes it worked.
I downloaded the boot.ini and upped a picture in the webserver root under C:\Inetpub\wwwroot; ▶ Reply to This

Permalink Reply by Anarchy Angel on February 20, 2009 at 11:56pm: well i guess i would have to know more about the environment in which this vuln. is being exploited and the vuln. it self. and then it would depend on what your objectives are. if you just looking for a deface i would just upload a new index "if this vuln lets you overwrite files" lol , if your trying to distribute maleware i would download the current index file, add my payload, and upload my edited version. if your just looking for another box to own i guess i would try and upload a shell.; ▶ Reply to This

RSS

Execute files on Windows systems with only read and write access

Replies to This Discussion

About