Security Basics mailing list archives

RE: Some Few Doubts on IIS Vuln

From: "dave kleiman" <dave () isecureu com>
Date: Mon, 31 Jan 2005 20:30:44 -0500

Kaps,

You did not specify what you did the NESSUS scan on, but I will take a shot
that that it sounds like IIS5.

1.  .IDA ISAPI can be many things, for example, the Index Service running
provides for administrative scripts .IDA files.  Installing URLScan will
block these requests, and provide you with a log of the attempt, therefore
you would see what Nessus was attempting.
http://www.microsoft.com/downloads/details.aspx?familyid=23d18937-dd7e-4613-
9928-7f94ef1c902a&displaylang=en

2.  Wfetch will let you do those commands manually:
http://download.microsoft.com/download/d/e/5/de5351d6-4463-4cc3-a27c-3e22742
63c43/wfetch.exe

3.  Since we do not know what mail server or what authentication it uses
this might be difficult.

4.  Have you visited the documentation on http://www.nessus.org/  ??

Regards,

____________________________________________
Dave Kleiman, CIFI, CISM, CISSP, ISSMP, MCSE

www.SecurityBreachResponse.com


-----Original Message-----
From: kaps lock [mailto:secnerdkaps () yahoo com]
Sent: Monday, January 31, 2005 12:29
To: security-basics () securityfocus com
Subject: Some Few Doubts on IIS Vuln


hi all,
I did a VA scan using nESSUS and was need help in the analysis part of it
and inturn learn more :

1).IDA ISAPI filter mapped
   What does mapped means?Could anyone tell me what exactly this filter is
used for and what is a .ida extension ,i mean i know code red and all but
still wud like to know what is the function of this filter and wht a .ida
extension is ?an example string ....if anyone knows to test this vuln on
server tht i cud use as a manual penetration tsting tip?

2)if i find a server on which u can successfull upload and delete a file say
test.html with PUT and DELETE.How could i manually actually do this on the
server ,basically how to craft that attack or how to go about it.

3)The mail server on a specially crafted GET request reveals the
authentication mechanism??
What reuqest by Nessus made this conclusion?any tips

4)too many arguements on the ACCEPT command can crash the server..now this
is surely a false positive but i cud i make it for sure?

thanks all...



__________________________________
Do you Yahoo!?
Take Yahoo! Mail with you! Get it on your mobile phone.
http://mobile.yahoo.com/mail

Current thread:

RE: Some Few Doubts on IIS Vuln dave kleiman (Feb 01)
- RE: Some Few Doubts on IIS Vuln kaps lock (Feb 07)
  - Re: Some Few Doubts on IIS Vuln Charles Otstot (Feb 09)