Newbie questions

  1. #1 Junior Member (Join Date: Apr 2006, Posts: 2)
    Hey guys, I'm a noob and I'm confused about this command script written as a netcat command script. Can someone translate this script?? I mean what each part is for.

    for example, the script is:

    C:TMP/NC/nc -v -n ristbook 80
    ristbook [128.1.71.103] 80 http (open)
    get http://ristbook/scripts/..%255c../wi....exe?/c+dir+c:

    I understand that netcat is logged in to ristbook port 80, but what does the command script mean?? (after "ristbook [128.1.71.103] 80 http (open)")

  2. #2 nihil, Super Moderator: GMT Zone (Join Date: Jul 2003, Location: United Kingdom: Bridlington, Posts: 17,191)
    Hi, and welcome to AO.

    I have created a new thread for you, as you have a new question.
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  3. #3 Just Another Geek (Join Date: Jul 2002, Location: Rotterdam, Netherlands, Posts: 3,403)
    Originally posted here by noob_hacker
    C:TMP/NC/nc -v -n ristbook 80
    ristbook [128.1.71.103] 80 http (open)
    get http://ristbook/scripts/..%255c../wi....exe?/c+dir+c:

    I understand that netcat is logged in to ristbook port 80, but what does the command script mean?? (after "ristbook [128.1.71.103] 80 http (open)")
    You're using the HTTP protocol (GET) to abuse the double decode bug in IIS. It's the same bug Nimda tries to abuse.. It's about 6 years old.. Shouldn't work anymore...

    RFC 2616 HTTP 1.1
    Aggressive Propagation of Nimda Worm
    MS00-078
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  4. #4 Junior Member (Join Date: Apr 2006, Posts: 2)
    uh... can't grasp anything for a layman like me... So by using the command *get* then http means I activated a bug (?) that gives me information about the structure of the http I'm looking at?? cool...

    Oh ya, btw, can you give me some more info about what other commands I can give on an http port?

  5. #5 Just Another Geek (Join Date: Jul 2002, Location: Rotterdam, Netherlands, Posts: 3,403)
    Originally posted here by noob_hacker
    uh... can't grasp anything for a layman like me...
    Then why are you trying to exploit something? Learn the basics first..
    So by using the command *get* then http means I activated a bug (?) that gives me information about the structure of the http I'm looking at?? cool...
    Not quite my friend... You're GETting something from a webserver.. The bug (MS00-078) is in the way IIS handles the %255c.. Which results in an ability to break out of the webroot..
    Oh ya, btw, can you give me some more info about what other commands I can give on an http port?
    Read RFC-2616...
    Oliver's Law:
    Experience is something you don't get until just after you need it.
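A defender-side check for the pattern this thread discusses, added here as an example and not code from the thread or from any product: it decodes a request path once (what a correctly behaving server sees) and twice (what the IIS build affected by MS00-078 acted on) and reports a request whose path only climbs out of the web root after the second decoding. The request lines and the PLACEHOLDER.exe name are constructed for the example.

```python
import re
from urllib.parse import unquote

# Constructed sample request lines (not taken from the thread). The first
# mirrors the thread's request shape with the executable name replaced by a
# placeholder; the rest are variants a web-server log might contain.
SAMPLE_REQUESTS = [
    "GET /scripts/..%255c../PLACEHOLDER.exe?/c+dir+c: HTTP/1.0",  # double-encoded
    "GET /scripts/..%5c../PLACEHOLDER.exe?/c+dir+c: HTTP/1.0",    # single-encoded
    "GET /index.html HTTP/1.1",
    "GET /images/%25discount/logo.png HTTP/1.1",                  # literal '%', benign
]

def escapes_webroot(path):
    """True if the decoded path climbs above the web root.
    Both '/' and '\\' are treated as separators, as IIS on Windows did."""
    depth = 0
    for segment in re.split(r"[\\/]+", path):
        if segment == "..":
            depth -= 1
            if depth < 0:
                return True
        elif segment not in ("", "."):
            depth += 1
    return False

def classify_request(request_line):
    """Classify one HTTP request line.
    Returns (verdict, decoded_path); verdict is 'malformed', 'clean',
    'traversal' (visible after one decode) or 'double-decode-traversal'
    (visible only after decoding twice, the MS00-078 pattern)."""
    parts = request_line.split()
    if len(parts) < 2:
        return ("malformed", "")
    path = parts[1].split("?", 1)[0]      # the query string is not part of the path
    once = unquote(path)                  # what a correct server sees
    twice = unquote(once)                 # what the vulnerable IIS acted on
    if escapes_webroot(once):
        return ("traversal", once)
    if escapes_webroot(twice):
        return ("double-decode-traversal", twice)
    return ("clean", once)

def scan(lines):
    """Return the (verdict, line) pairs for every request that is not clean."""
    return [(classify_request(l)[0], l) for l in lines
            if classify_request(l)[0] != "clean"]

if __name__ == "__main__":
    for verdict, line in scan(SAMPLE_REQUESTS):
        print(f"{verdict:25s} {line}")
```

The same logic can be run over the request column of a web-server access log; a `%25` that decodes to a harmless literal percent sign, as in the last sample, is left alone.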
