Security Basics mailing list archives

RE: Exploit Tool


From: "Greg van der Gaast" <greg.van.der.gaast () ordina nl>
Date: Tue, 12 Nov 2002 13:13:25 +0100

Retina isn't copied from SSS. I can guarantee you that. Marc Maiffret
(eEye's Chief Hacking Officer) aka former hacker 'chameleon' of MoD fame
(not to mention gullible enough to think terrorists were sending him
money for his stolen DISA files, only to mysteriously find half a dozen
special agents in his bedroom pointing a gun to his head one early
morning), actually stole the code for the Retina backend from an
Australian programmer in Brisbane, who will remain unnamed.

Good thing we're all ethical folks, eh?

Regards,

Greg van der Gaast
Ordina Public 
Security Services 

-----Original Message-----
From: khayes () eastbay com [mailto:khayes () eastbay com] 
Sent: Monday, November 11, 2002 2:43 PM
To: Leonard.Ong () nokia com
CC: james__mcgee () hotmail com; security-basics () securityfocus com
Subject: RE: Exploit Tool



Unfortunately, I've never used Retina Scanner so I'm probably not in the
position to claim who's copying whom.  (smile)  I do know that currently
SSS holds the spot as the 'preferred tool' for exploit identification in
the warez/hacking scene.

I've seen it used a number of times on compromised systems.  That is to
say, someone has popped a shell of sorts and run SSS from a script.  The
modus operandi seems to be they compromise one node running an FTPD.
They then upload SSS and a predefined scan script.  They then pass the
appropriate commands to run SSS from the remote host to scan their real
target(s).  Once SSS is done they FTP back on to the machine and
retrieve the results.

I'll grab a copy of Retina Scanner and tear through it now that you have
my curiosity piqued.

- KJH

Ken Hayes
Network Administrator
Eastbay / Footlocker.com
Wausau, WI Offices
(715) 261-9573
khayes () eastbay com
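The staging pattern Ken describes above (tools uploaded to a compromised FTP host, results pulled back down later) leaves a two-directional trace in the FTP server's transfer log. The following detection is an added example for this thread, not code from any poster or from SSS or Retina; the log lines are constructed in xferlog style (the wu-ftpd/vsftpd format) and the 24-hour window is an assumed tuning value.

```python
"""Flag FTP clients that upload files and later download from the same
server: the upload-scan-retrieve staging pattern described in the thread.
Log lines below are constructed samples in xferlog style."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed xferlog-style sample. Fields: 5 date/time tokens, transfer
# seconds, remote host, bytes, path, type, flag, direction (i=upload to
# server, o=download from server), mode, user, service, auth, uid, status.
SAMPLE_XFERLOG = """\
Mon Nov 11 02:10:05 2002 3 198.51.100.7 412000 /incoming/sss.exe b _ i a anonymous ftp 0 * c
Mon Nov 11 02:10:40 2002 1 198.51.100.7 1800 /incoming/scan.bat a _ i a anonymous ftp 0 * c
Mon Nov 11 02:11:02 2002 1 203.0.113.9 93000 /pub/readme.txt a _ o a anonymous ftp 0 * c
Mon Nov 11 05:44:13 2002 2 198.51.100.7 256000 /incoming/results.html a _ o a anonymous ftp 0 * c
Mon Nov 11 06:01:00 2002 1 203.0.113.9 5000 /incoming/notes.txt a _ i a anonymous ftp 0 * c
"""


def parse_xferlog(text):
    """Yield (timestamp, host, direction, path) for each well-formed line."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 14:
            continue  # truncated or malformed entry; skip rather than crash
        ts = datetime.strptime(" ".join(f[:5]), "%a %b %d %H:%M:%S %Y")
        yield ts, f[6], f[11], f[8]


def find_staging(text, max_gap_hours=24):
    """Return {host: (uploaded_paths, later_downloaded_paths)} for hosts
    that upload first and download within max_gap_hours of that upload.
    A host that only downloads, or downloads before it uploads, is ignored."""
    by_host = defaultdict(list)
    for rec in parse_xferlog(text):
        by_host[rec[1]].append(rec)
    hits = {}
    for host, recs in by_host.items():
        recs.sort()  # chronological order per host
        ups = [(t, p) for t, _, d, p in recs if d == "i"]
        downs = [(t, p) for t, _, d, p in recs if d == "o"]
        if not ups or not downs:
            continue
        first_up = ups[0][0]
        deadline = first_up + timedelta(hours=max_gap_hours)
        later = [p for t, p in downs if first_up < t <= deadline]
        if later:
            hits[host] = ([p for _, p in ups], later)
    return hits
```

Run over the sample, only 198.51.100.7 is flagged; 203.0.113.9 downloaded before it uploaded and so is not.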

From: <Leonard.Ong () nokia com>
To: <khayes () eastbay com>, <james__mcgee () hotmail com>
cc: <security-basics () securityfocus com>
Subject: RE: Exploit Tool
Date: 11/10/2002 07:06 PM

Hi,

There is one question that has tickled me for a long time.  If you check
Shadow Security Scanner and Retina Scanner from eEye, they resemble each
other.

Does anyone know if they are using a common GUI, or if either is
'copying' the other?

I found very little documentation on the official website (Russian) for
SSS.

Thank you


Regards,
Leonard Ong
Network Security Specialist, APAC
NOKIA

Email.  Leonard.Ong () nokia com
Mobile. +65 9431 6184
Phone.  +65 6723 1724
Fax.    +65 6723 1596



-----Original Message-----
From: ext khayes () eastbay com [mailto:khayes () eastbay com]
Sent: Saturday, November 09, 2002 5:03 AM
To: JM
Cc: security-basics () securityfocus com
Subject: Re: Exploit Tool




Shadow Security Scanner is currently the hot tool in the exploit
checking circles.  Its exploit DB is regularly updated with the latest
and greatest.  It not only checks to see if the exploit exists, it tests
the exploit and then reports back its findings.

- You can customize your scans to include or exclude what
  filters/exploits you want to test on.
- You can run the test against a single IP or a range.
- Reports are delivered in HTML format but can be exported to a number
  of other formats.

Do a search at Google for it.

Regards,
- KJH

Ken Hayes
Network Administrator
Eastbay / Footlocker.com
Wausau, WI Offices
(715) 261-9573
khayes () eastbay com
From: "JM" <james__mcgee () hotmail com>
To: <security-basics () securityfocus com>
cc:
Subject: Re: Exploit Tool
Date: 11/07/2002 11:15 AM

Sorry for the dumb question...but someone must be able to help...

There are loads of tools out there to identify vulnerabilities, I for one
am using Retina 4.9. This is good in that it tells you exactly how to fix
the problem.

What I would like to know is if there are any tools out there that will
find the vulnerabilities and test them, i.e. try to exploit them.

For example, running the vulnerability scanner against a particular host
list the following as a vulnerability;

Web Servers: TCP:80 - IIS HTR ISAPI CHUNKING BUFFER OVERFLOW
DESCRIPTION:   A vulnerability in IIS involving the processing of
               chunked HTTP data and its use by the HTR ISAPI, can be
               exploited by an attacker to remotely execute the code of
               his choice
RISK LEVEL:    High
HOW TO FIX:    Microsoft has released a hotfix to eliminate this
               vulnerability
RELATED LINKS: Microsoft Security Bulletin
               eEye Advisory
CVE:           CAN-2002-0364

What I would like to know is if there is a tool that could demonstrate
this vulnerability by exploiting it.  Of course this would be done in a
test environment only, but it is to demonstrate the exploit to a client
who thinks these things are rarely exploited.

Thanks


JM


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.413 / Virus Database: 232 - Release Date: 06/11/2002



- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The information in this e-mail, and any attachment therein, is
confidential and for use by the addressee only.  If you are not the
intended recipient, please return the e-mail to the sender and delete it
from your computer.  Although the Company attempts to sweep e-mail and
attachments for viruses, it does not guarantee that either are
virus-free and accepts no liability for any damage sustained as a result
of viruses.






