Jean-Philippe Palha wrote:
Hi,
Put a copy of cmd.exe on your PHP dir and give it the good permissions...
dont forget to rename it... mess with crackers some more...
if you check your logs, you'll see a bunch of script kiddies running the
same cracking scripts over and over, and one of t
> So is that just the case of adding IUSER_XXX to cmd.exe?
> What permissions do I give IUSER on cmd.exe?
remove the deny that is probably alreaDy there, and add iusr_server with
read&execute.
> Isn't that a big risk? Is there a way to exploit that? (apart from someone
> uploading php code etc
Hi,
Put a copy of cmd.exe on your PHP dir and give it the good permissions...
Jean-Philippe PALHA ([EMAIL PROTECTED])
IMA'DIFF - 13, rue Damesme - 75013 Paris FRANCE
Tel : 33 1 53 80 89 89 - Fax : 33 1 53 80 89 81
Web : http://www.imadiff.com
-
Hi Louis,
So is that just the case of adding IUSER_XXX to cmd.exe?
What permissions do I give IUSER on cmd.exe?
Isn't that a big risk? Is there a way to exploit that? (apart from someone
uploading php code etc), via a URL or something?
Just wanting the "correct/safest" way to do this.
Cheers
> What is the correct way to setup php/iis to allow php access to run exec()
> (ping.exe,cat.exe (from gnu utilities for win32), and any other command
> shell stuff.) etc.
access to %windir%\system32\cmd.exe is required. this is denied in a
default IIS6 installation.
--
Louis Solomon
www.Ste
