Man, BT and PWB are hogging all the resources. This is why we can't have nice things. I'd rather have AWAE online than stock footage of stuff being smashed.

Ok, here's another problem I have had for way too long now and I want to fix.

Here's the scenario: I have got a limited shell on a server in a lab through a web application vulnerability.

By "limited shell", I mean:
- The shell doesn't give me any output on the screen and I cannot output results of commands in a file
- I can change directory and list files (using a second ASP shell), but that's about it.
- I am able to ftp files/modify files into the web root directory (for example, I have uploaded nc.exe in C:\inetpub\wwwroot)

So for example:
C:\Windows\system32>cd ../..     (works)
C:\>cd inetpub\wwwroot    (works)
C:\inetpub\wwwroot> dir    (doesn't display anything)
C:\inetpub\wwwroot> dir > files.txt    (doesn't create a file)
C:\inetpub\wwwroot> nc.exe -lvp 4444    (doesn't work)
C:\inetpub\wwwroot> nc.exe -v 192.168.1.20 4444    (doesn't work either)

I have tried 5 or 6 different ASP shells, but couldn't get much more out of it.

So what approach should I take at this point? Write my own ASP shell code? Focus on trying to get a full shell (for example, using netcat somehow)? Maybe priv escalation (I don't think so at this point, but I could be wrong)

I really just need a direction so I can continue working on a solution...

Thanks

So I am looking at what to pick for training this year, provided we have a budget for it.  I am torn between a few SANS courses, 2 of which do not have any GIAC certs associated but provide some much needed information.  Those would be SEC575 (mobile security) and 579 (Virtualization/Private Cloud).  575 would benefit my current role at the company.  579 peaks my interest much more because I love me some virtual machines and the architecture behind a properly implemented solution.  As for the cert paths I was looking at SEC501 (Adv Sec Essentials), mostly to formalize my training as a defender. The other option was FOR610 (malware analysis), main goal is to get more formal training on this topic which has been an ongoing self-study effort.

So do I go for the straight up informational training?  Or go for a cert path?  Any choice will help the company really.  I am the only technical/architecture security guy, so increasing my knowledge helps improve things as a whole.  Though if I was to go completely selfish, I would choose FOR610 for both the experience and the cert.  SEC579 would be a close 2nd.

Any thoughts?

Okay, I recently took and past the GCIH exam and I'd like to take the CEH test in a few weeks. By studying for the SANS GCIH exam do you think I'm adequately prepared for the CEH exam?

Any areas that I might want to focus on? Also, do you recommend the CEH 7 or 8?

Thanks

Anyone able to reference me to some good video tutorials for defeating firewalls?