Author Topic: How to remote upload File / Folder in a 403: Forbidden / Write protected Folder  (Read 9228 times)
Rafales
« on: June 23, 2009, 10:54:15 AM »

Hi Friends,

This is purely ethical hacking and it is a test for me, so please help me with this issue. It's urgent.

I want to create / remote upload a File and Folder in the Web Server that has got vulnerabilities.

Example host:
Code:
http://101.120.27.21/


Server Type: Microsoft-IIS/6.0
Server Side: PHP/ASP
Application Server: PHP
Web Server: IIS, IIS6


Note: The website / webserver has got lots of vulnerabilities like Blind SQL Injection, Cross-Site Scripting, PHP Remote File Inclusion, SQL Injection, Stored Cross-Site Scripting, Windows File Parameter Alteration, Link Injection (facilitates Cross-Site Request Forgery), Unencrypted Login Request etc....

Example URL:
Code:
http://101.120.27.21/gulli_database/


Now I want to create a Folder and remote upload a File under the "gulli_database" directory. The "gulli_database" directory is write protected / 403: Forbidden.

Please help me with how to create a Folder and remote upload the file under the "gulli_database" directory. Are there any scripts / exploits to bypass the folder protection and write in the folder?

The File and folder should be uploaded remotely. The gulli_database/ is Forbidden / Write Protected for any users. Only admins can write inside the folder. Anonymously I have to bypass it and write into that folder "gulli_database/". Are there any commands / scripts I can execute in the URL of the browser, or do any tools exist to bypass the permissions of the folder and remote upload to the write protected directory?

I tried the HTTP PUT/MKCOL methods but they don't work. I can view the contents of the directory. There is a guest book "comment" field where scripts can be injected.

I am connecting to my remote server. WebDAV is enabled but the PUT and MKCOL methods are disabled. There is also a guest book that is vulnerable to injection.


Please guide me on how to go about it.


Thanks and Regards
Rafales
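
The post above mentions PUT and MKCOL requests against a directory that answers 403; on the server side those attempts show up in the IIS log. An added example, not part of the thread, that flags WebDAV write-method requests in W3C extended logs. The log lines, client IPs (documentation ranges) and the alert threshold are constructed for illustration.

```python
from collections import defaultdict

# WebDAV/HTTP methods that create or modify content on the server.
WRITE_METHODS = {"PUT", "MKCOL", "MOVE", "COPY", "DELETE", "PROPPATCH"}

# Constructed sample in IIS W3C extended log format.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2009-06-23 10:41:02 198.51.100.7 GET /gulli_database/ 200
2009-06-23 10:41:40 198.51.100.7 PUT /gulli_database/test.txt 403
2009-06-23 10:41:55 198.51.100.7 MKCOL /gulli_database/Test 403
2009-06-23 10:42:10 198.51.100.7 PUT /gulli_database/test.txt 501
2009-06-23 11:05:13 203.0.113.20 GET /index.php 200
2009-06-23 11:30:00 203.0.113.9 PUT /uploads/report.txt 201
"""

def parse_w3c(text):
    """Yield one dict per request, using the column order from #Fields:."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated lines
                yield dict(zip(fields, values))

def webdav_write_attempts(text):
    """Group write-method requests by client IP into denied / succeeded."""
    report = defaultdict(lambda: {"denied": [], "succeeded": []})
    for req in parse_w3c(text):
        method = req["cs-method"].upper()
        if method not in WRITE_METHODS:
            continue
        status = int(req["sc-status"])
        # 2xx means the server accepted the write; anything else did not.
        bucket = "succeeded" if 200 <= status < 300 else "denied"
        report[req["c-ip"]][bucket].append((method, req["cs-uri-stem"], status))
    return dict(report)

def alerts(text, threshold=2):
    """Clients with repeated refused writes, plus any accepted write."""
    out = []
    for ip, r in sorted(webdav_write_attempts(text).items()):
        if len(r["denied"]) >= threshold:
            out.append((ip, "repeated-denied-write", len(r["denied"])))
        if r["succeeded"]:
            out.append((ip, "write-accepted", len(r["succeeded"])))
    return out
```

Calling `alerts(SAMPLE_LOG)` returns one entry for the client with three refused writes and one for the client whose PUT was accepted.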
Ketchup
« Reply #1 on: June 23, 2009, 02:07:53 PM »

This looks suspiciously like a homework assignment. ;)

I think that you should look into the MSSQL xp_cmdshell stored procedure. Assuming your database user has access to this procedure and can write to the directory where you would like to upload the file, it should do the trick.

~~~~~~~~~~~~~~
Ketchup
timmedin
« Reply #2 on: June 23, 2009, 11:09:12 PM »

Do you know the underlying RDBMS? If you don't, send a malformed SQL injection and see what error is returned in order to determine the RDBMS. If you can get SQL injection you may be able to write a PHP file (PHP shell) to do your dirty work.
« Last Edit: June 27, 2009, 06:10:21 PM by timmedin »

twitter.com/timmedin | http://blog.securitywhole.com
Rafales
« Reply #3 on: June 24, 2009, 02:19:12 AM »

Now I have the Admin user name and pass of http://101.120.27.21/

Server Type: Microsoft-IIS/6.0
Server Side: PHP/ASP
Application Server: PHP
Web Server: IIS, IIS6


Now I need to upload a file from my local system C:\test.txt to http://101.120.27.21/gulli_database/

First I need to remotely log in as admin to the remote webserver and then copy a text file from the local system (C:\text.txt) to the remote folder http://101.120.27.21/gulli_database/

If I don't log in as admin I get an "Access Denied" error message when I copy a txt file to gulli_database. How do I log in to the remote web server as admin?

What type of connection should I use? Will "Net Use" commands help, or should I try through FTP / Telnet?

Which method will be successful: Net Use commands / Telnet / FTP?

Please give me the syntax and commands for NET USE commands / FTP / Telnet.

Step 1. Log in to the remote web server as admin from my local system
Step 2. Copy C:\text.txt to http://101.120.27.21/gulli_database/ and create a Folder named "Test" in http://101.120.27.21/gulli_database/

Please guide me in this regard.

Thanks and Regards
Rafales
timmedin
« Reply #4 on: June 27, 2009, 06:17:34 PM »

What is this server? This is a publicly routable ip address.

twitter.com/timmedin | http://blog.securitywhole.com