Security Basics mailing list archives
RE: Some Few Doubts on IIS Vuln
From: "dave kleiman" <dave () isecureu com>
Date: Mon, 31 Jan 2005 20:30:44 -0500
Kaps, You did not specify what you did the NESSUS scan on, but I will take a shot that that it sounds like IIS5. 1. .IDA ISAPI can be many things, for example, the Index Service running provides for administrative scripts .IDA files. Installing URLScan will block these requests, and provide you with a log of the attempt, therefore you would see what Nessus was attempting. http://www.microsoft.com/downloads/details.aspx?familyid=23d18937-dd7e-4613- 9928-7f94ef1c902a&displaylang=en 2. Wfetch will let you do those commands manually: http://download.microsoft.com/download/d/e/5/de5351d6-4463-4cc3-a27c-3e22742 63c43/wfetch.exe 3. Since we do not know what mail server or what authentication it uses this might be difficult. 4. Have you visited the documentation on http://www.nessus.org/ ?? Regards, ____________________________________________ Dave Kleiman, CIFI, CISM, CISSP, ISSMP, MCSE www.SecurityBreachResponse.com -----Original Message----- From: kaps lock [mailto:secnerdkaps () yahoo com] Sent: Monday, January 31, 2005 12:29 To: security-basics () securityfocus com Subject: Some Few Doubts on IIS Vuln hi all, I did a VA scan using nESSUS and was need help in the analysis part of it and inturn learn more : 1).IDA ISAPI filter mapped What does mapped means?Could anyone tell me what exactly this filter is used for and what is a .ida extension ,i mean i know code red and all but still wud like to know what is the function of this filter and wht a .ida extension is ?an example string ....if anyone knows to test this vuln on server tht i cud use as a manual penetration tsting tip? 2)if i find a server on which u can successfull upload and delete a file say test.html with PUT and DELETE.How could i manually actually do this on the server ,basically how to craft that attack or how to go about it. 3)The mail server on a specially crafted GET request reveals the authentication mechanism?? What reuqest by Nessus made this conclusion?any tips 4)too many arguements on the ACCEPT command can crash the server..now this is surely a false positive but i cud i make it for sure? thanks all... __________________________________ Do you Yahoo!? Take Yahoo! Mail with you! Get it on your mobile phone. http://mobile.yahoo.com/mail
Current thread:
- RE: Some Few Doubts on IIS Vuln dave kleiman (Feb 01)
- RE: Some Few Doubts on IIS Vuln kaps lock (Feb 07)
- Re: Some Few Doubts on IIS Vuln Charles Otstot (Feb 09)
- RE: Some Few Doubts on IIS Vuln kaps lock (Feb 07)