On 13 April 2011 17:35, arvind doraiswamy <arvind.doraiswamy (at) gmail (dot) com [email concealed]> wrote:
> What about execute permissions in the directory where the web shell was
> executed? It too would "execute" .. right? Not read like the other files you
> uploaded.
I uploaded to a directory where existing .asp files worked fine.
Robin
>
> Disclaimer: not checked :) .. just thinking logically.
>
> Arvind
>
> On Wed, Apr 13, 2011 at 7:07 PM, Calderon, Juan Carlos (GE, Corporate,
> consultant) <juan.calderon (at) ge (dot) com [email concealed]> wrote:
>>
>> 3 things on top of my mind
>>
>> 1. Your page is doing a "unaware" redirection to a non existing page, so
>> it is loaded, but then it redirects you (or transfer you, they are
>> different in ASP) and you get the 404 error massage
>> 2. Antivirus is detecting and removing the shell or putting it on
>> quarantine (not likely if it is a web page)
>> 3. IIS server is hardened and classic asp pages are "served" by 404.dll
>> a dll created by MS to prevent access to pages of certain type.
>>
>> Hope it helps,
>> Juan C Calderon
>>
>> -----Original Message-----
>> From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
>> On Behalf Of Robin Wood
>> Sent: Tuesday, April 12, 2011 12:00 PM
>> To: webappsec (at) securityfocus (dot) com [email concealed]
>> Subject: .asp giving 404
>>
>> On a recent test I got FTP write access to a web server which had an ASP
>> based site on it. I uploaded an ASP shell and tried to browse to it but
>> got a 404. I uploaded it to a directory that had directory listing
>> enabled and confirmed the file was there but again browsing to it gave a
>> 404.
>>
>> I uploaded a text file and image and could browse to both of those fine.
>>
>> I also tried downloading an existing page and modifying that then
>> re-uploading it but didn't have permission to overwrite the file.
>>
>> I vaguely remember something to do with file permissions having to be
>> set correctly for ASP to run from years ago when I did some dev work in
>> it but can't remember. Can someone tell me what was likely to have been
>> going on and if there is any way around it given the access I had?
>>
>> Robin
>>
>>
>>
>> This list is sponsored by Cenzic
>> --------------------------------------
>> Let Us Hack You. Before Hackers Do!
>> It's Finally Here - The Cenzic Website HealthCheck. FREE.
>> Request Yours Now!
>> http://www.cenzic.com/2009HClaunch_Securityfocus
>> --------------------------------------
>>
>>
>>
>>
>> This list is sponsored by Cenzic
>> --------------------------------------
>> Let Us Hack You. Before Hackers Do!
>> It's Finally Here - The Cenzic Website HealthCheck. FREE.
>> Request Yours Now!
>> http://www.cenzic.com/2009HClaunch_Securityfocus
>> --------------------------------------
>>
>
>
This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------
> What about execute permissions in the directory where the web shell was
> executed? It too would "execute" .. right? Not read like the other files you
> uploaded.
I uploaded to a directory where existing .asp files worked fine.
Robin
>
> Disclaimer: not checked :) .. just thinking logically.
>
> Arvind
>
> On Wed, Apr 13, 2011 at 7:07 PM, Calderon, Juan Carlos (GE, Corporate,
> consultant) <juan.calderon (at) ge (dot) com [email concealed]> wrote:
>>
>> 3 things on top of my mind
>>
>> 1. Your page is doing a "unaware" redirection to a non existing page, so
>> it is loaded, but then it redirects you (or transfer you, they are
>> different in ASP) and you get the 404 error massage
>> 2. Antivirus is detecting and removing the shell or putting it on
>> quarantine (not likely if it is a web page)
>> 3. IIS server is hardened and classic asp pages are "served" by 404.dll
>> a dll created by MS to prevent access to pages of certain type.
>>
>> Hope it helps,
>> Juan C Calderon
>>
>> -----Original Message-----
>> From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
>> On Behalf Of Robin Wood
>> Sent: Tuesday, April 12, 2011 12:00 PM
>> To: webappsec (at) securityfocus (dot) com [email concealed]
>> Subject: .asp giving 404
>>
>> On a recent test I got FTP write access to a web server which had an ASP
>> based site on it. I uploaded an ASP shell and tried to browse to it but
>> got a 404. I uploaded it to a directory that had directory listing
>> enabled and confirmed the file was there but again browsing to it gave a
>> 404.
>>
>> I uploaded a text file and image and could browse to both of those fine.
>>
>> I also tried downloading an existing page and modifying that then
>> re-uploading it but didn't have permission to overwrite the file.
>>
>> I vaguely remember something to do with file permissions having to be
>> set correctly for ASP to run from years ago when I did some dev work in
>> it but can't remember. Can someone tell me what was likely to have been
>> going on and if there is any way around it given the access I had?
>>
>> Robin
>>
>>
>>
>> This list is sponsored by Cenzic
>> --------------------------------------
>> Let Us Hack You. Before Hackers Do!
>> It's Finally Here - The Cenzic Website HealthCheck. FREE.
>> Request Yours Now!
>> http://www.cenzic.com/2009HClaunch_Securityfocus
>> --------------------------------------
>>
>>
>>
>>
>> This list is sponsored by Cenzic
>> --------------------------------------
>> Let Us Hack You. Before Hackers Do!
>> It's Finally Here - The Cenzic Website HealthCheck. FREE.
>> Request Yours Now!
>> http://www.cenzic.com/2009HClaunch_Securityfocus
>> --------------------------------------
>>
>
>
This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------
[ reply ]