Re: Exploit Tool

["TAJiK" <t4jik () mail ru>]

go to nmap.ru and xspider.ru

----- Original Message -----
From: "JM" <james__mcgee () hotmail com>
To: <security-basics () securityfocus com>
Sent: Thursday, November 07, 2002 10:15 PM
Subject: Re: Exploit Tool


> Sorry for the dumb question...but someone must be able to help...
>
> There are loads of tools out there to identify vulnerabilites, I for one
am
> using Retina 4.9. This is good in that it tell you exactly how to fix the
> problem.
>
> What I would like to know is if there are any tools out there that will
find
> the vulnerabilitites and test them, i.e. Try to exploit them.
>
> For example, running the vulnerability scanner against a particular host
> list the following as a vulnerability;
>
> Web Servers: TCP:80 - IIS HTR ISAPI CHUNKING BUFFER OVERFLOW
> DESCRIPTION:            A vulnerability in IIS involving the processing of
> chunked HTTP data and it's use by the HTR ISAPI, can be exploited by an
> attacker to                                         remotely execute the
> code of his choice
> RISK LEVEL:                High
> HOW TO FIX:                Microsoft has released a hotfix to eliminate
this
> vulnerability
> RELATED LINKS:        Microsoft Security Bulletin
>                                         eEye Advisory
> CVE:                            CAN-2002-0364
>
> What I would like to know is, if there is a tool that could demonstrate
this
> vulnerability by exploting it.  Of course this would be done in a test
> environment only, but it is to demonstrate the exploit to a client who
> thinks these things are rarely exploited.
>
> Thanks
>
>
> JM
>
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.413 / Virus Database: 232 - Release Date: 06/11/2002