Xatrix Security

[Xcellerator]

I know that when you open a http site on your browser it will automatically search for the index.htm file on the root of the server and if it doesn't find it, it'll just display the contents of the server root, correct?

If your school, like mine, can't be bothered to find the problem as to why easylink won't open in web folders on any computer other than those in the school network, then you should see the crappy look of the 'un-webfoldered' view . So if you were to place an index.htm file in your docs, then you could perhaps exploit the server... Maybe with only an input box and a php script to execute whatever commands are entered into the box...

If this could work, then I'd need help on the html and php coding, I can code some advanced batch files but that's as far as I can go!

[muto]

Anyone with half a braincell wouldn't allow code to be executed, but then again, this is RM we're talking about.

First thing is to work out what language is used, I'd guess php, but it could be asp. You can almost certainly find this from the urls on the site.

What you're looking for is called a web shell, the most common/popular php one is c99 (although c100 and r57 are also used). Google should find you a copy quick enough. Dump this in someone's documents (NOT YOURS), and give it a try. Your AV might pick up the more well known shells, so look around for an encrypted one..

[Xcellerator]

There's a nerdy little hacker kid in the year below me who knows absolutely nothing about hacking, but he says that he's the king of it... . I managed to phish one of his passwords out of him after he told me that he has one password for everything! I'll use his account...
Anyways, what commands would be supported? Only PHP or ASP, or any commands I'd want, web shell, makes cmd come to mind...
BTW: got any links to a download site for one of those web shells, google don't seem to be finding any results other than broken links...

[muto]

The shell gives you the ability to execute php code, as well as any console commands you wish. c99 is built for Linux, but works somewhat on Windows - you might want to find a better one. I've only got some private copies saved, but here's a pic to show you what you can do..

http://img40.imageshack.us/img40/3953/c100.png

[jd2kuk]

I know that when you open a http site on your browser it will automatically search for the index.htm file on the root of the server and if it doesn't find it, it'll just display the contents of the server root, correct?

No- if directory listings were allowed, you'd see the contents of the 'wwwroot' folder, but in all likelyhood, you'd receive a 'virtual directory listing denied' error.

First thing is to work out what language is used,

ASP. Easylink is built on IIS, so any exploits for it would apply to easylink too.

[muto]

You might get away with it if the server has been set up really badly. When I was doing some experimentation on a university site, they had it so that if you created a 'www' folder in your home folder, anything in it would go to a web page on http://server/~username. This was a Linux server through, so it might be a bit different.

As for ASP, there aren't that many shells around for it, because it's not as popular online, so you probably won't find one as feature rich, but there are certainly ones to let you execute commans, and you might even get a NC backdoor.

[Xcellerator]

NC is a good idea, cos I have access to command prompt and I can copy stuff to the C drive, and I could make a shortcut to modify the registry to allow nc connections on port 4444 or 23...