I understand eternal_security!
I should have asked them first anyway...

Thanks Dutchie


I talk to the guys at Offensive-Security and their answer was: "Metasploit is forbidden on some machines".

So it is good, they want to know if we can do without on some machines and if we know how to use it on others.

I couldn't ask for better answers! Thanks guys!

I am still new to this field, but you guys gave me a lot of nice things to look for.

So I get your point now. I could also add:

- Configuration files (web applications with the database credentials, etc)
- Maybe browser cookies?!?

 

Thanks impelse.

I am almost ready now. Just one or two things to read and practice and I relax until the exam.

Once you have a shell with low privileges on a box, how do you get admin/system/root privileges?

I am looking for some advice on privilege escalation techniques on both Windows and Linux. I know it depends on a lot of factor, like remote or local, type of os, service packs, etc. But I am looking more at how to find the solution.

Also, I know that if you use the Metasploit framework, Core Impact, etc, it gets pretty easy. But I want to do it manually.

I know on Windows, we could use the at command. But what if it doesn't work?

Anyway, I have been on google for a while now and I find it difficult to find good explanations, examples, tutorials or "how to".

The only solution that I know right now is to go on milw0rm, exploit-db.com, etc, find an exploit, compile it and use it. Is there any other "tricks"?

Thanks

Great review MaXe!

I am challenging OSCP tomorrow morning and IF everything goes well, OSCE would probably be the next one.


I am also looking at a very good web app pentest course. Would you consider OSCE to cover web app exploit in depth?

Ahhh, if these courses were cheaper... 

It does help, thanks! 

Another question, I know we won't be allow to use some tools during the exam, like Core Impact or Ettercap.

Do you guys know if we will be allow to use Metasploit, since it is part of the course? If we aren't, I will make sure I study some other stuff...

It worked!!!

The Metasploit exploit iis_webdav_upload_asp did the trick:


 

Great reading!


This is exactly my problem. But:


I was all excited, but the server doesn't seem to be running this version of Windows (nmap -O couldn't pin point the OS...)

I tried:

I found other things on the server, so I will poke at them for a while.

Thanks guys

Thanks for the article, but it doesn't solve my problem...

I am working on COPY and MOVE right now...

I get a 404 Object Not Found when I try to access it.

All the other ones are there. Could it be that, by default, IIS prevent us from creating .asp files remotely?

I tried again and this code doesn't work:


These file types work:

• .txt
• .html
• .htm
• .js
• .vbs

Maybe I am missing something in the HTTP header...

Got some nice ASP code here:
http://classicasp.aspfaq.com/general/how-do-i-execute-a-ping-command-from-asp-and-retrieve-the-results.html

But I can't create .asp files. Only .txt...

Nothing is easy!