Security Basics mailing list archives
Re: Exploit Tool
From: "TAJiK" <t4jik () mail ru>
Date: Fri, 8 Nov 2002 22:33:30 +0300
go to nmap.ru and xspider.ru ----- Original Message ----- From: "JM" <james__mcgee () hotmail com> To: <security-basics () securityfocus com> Sent: Thursday, November 07, 2002 10:15 PM Subject: Re: Exploit Tool
Sorry for the dumb question...but someone must be able to help... There are loads of tools out there to identify vulnerabilites, I for one
am
using Retina 4.9. This is good in that it tell you exactly how to fix the problem. What I would like to know is if there are any tools out there that will
find
the vulnerabilitites and test them, i.e. Try to exploit them. For example, running the vulnerability scanner against a particular host list the following as a vulnerability; Web Servers: TCP:80 - IIS HTR ISAPI CHUNKING BUFFER OVERFLOW DESCRIPTION: A vulnerability in IIS involving the processing of chunked HTTP data and it's use by the HTR ISAPI, can be exploited by an attacker to remotely execute the code of his choice RISK LEVEL: High HOW TO FIX: Microsoft has released a hotfix to eliminate
this
vulnerability RELATED LINKS: Microsoft Security Bulletin eEye Advisory CVE: CAN-2002-0364 What I would like to know is, if there is a tool that could demonstrate
this
vulnerability by exploting it. Of course this would be done in a test environment only, but it is to demonstrate the exploit to a client who thinks these things are rarely exploited. Thanks JM --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.413 / Virus Database: 232 - Release Date: 06/11/2002
Current thread:
- Re: Exploit Tool JM (Nov 08)
- Re: Exploit Tool Johannes Segitz (Nov 09)
- Re: Exploit Tool TAJiK (Nov 09)
- Re: Exploit Tool voguemaster (Nov 11)
- <Possible follow-ups>
- Re: Exploit Tool khayes (Nov 09)
- RE: Exploit Tool Leonard.Ong (Nov 11)
- RE: Exploit Tool khayes (Nov 11)
- Replacement for Aventail Sarbjit Singh Gill (Nov 12)
- RE: Exploit Tool Greg van der Gaast (Nov 14)
- RE: Exploit Tool Marc Maiffret (Nov 17)
- RE: Exploit Tool Juan Carlos Vazquez Pesina (Nov 12)