R: Exploitable vulnerabilities in Microsoft IIS/7.0

[Bertone Giuseppe <G.Bertone () almaviva it>]

This is a bug valid in a "fully patched" 7.5.7600.16385 IIS and its corresponding exploit:

Bug: http://www.cvedetails.com/cve/CVE-2010-3972
Exploit: http://www.exploit-db.com/exploits/15803

The exploit is written in python. I just tested it using Ubuntu as attacking machine and, as expected, I was able to 
remotely crash my "fully patched" IIS 7.5.7600.16385 FTP service. The bug was disclosed in 2010 and it was fixed with a 
Win7 patch (KB2489256) in early 2011, so it was not exactly a IIS bug, even if IIS could be used to exploit it. Note 
that Windows Update propose the patch to you only if you have IIS installed.

Giuseppe Bertone

-----Messaggio originale-----
Da: listbounce () securityfocus com [mailto:listbounce () securityfocus com] Per conto di Nikhil Varghese
Inviato: giovedì 7 giugno 2012 18:59
A: security-basics () securityfocus com
Oggetto: Re: Exploitable vulnerabilities in Microsoft IIS/7.0

I think exploit development in windows is too difficult. I really don't know where to start. The only experience I have 
is in using metasploit.

Which is the best resource I can get to develop windows exploits?


On Wed, Jun 6, 2012 at 11:37 PM, Nikhil Varghese <nkvp.93 () gmail com> wrote:
> I found two more vulnerabilities, but i still don't have any way of 
> testing them on my system.
>
> http://www.securitytracker.com/id/1024079
> http://www.securitytracker.com/id/1024440
>
> I tried to develop my own exploit but the information is too vague. It 
> would be useful if anyone has an exploit or can help me out in anyway 
> possible.
>
>
>
> On Wed, Jun 6, 2012 at 11:13 PM, Nikhil Varghese <nkvp.93 () gmail com> wrote:
> > Are there any vulnerabilities in Microsoft IIS/7.0 that are 
> > exploitable? I found one:
> > http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0074.
> > However, i could not find any metasploit exploit for the vulnerability.
> >
> > How can I test if my IIS server is vulnerable since i run Microsoft
> > IIS/7.0 in my system? Has anyone written an exploit/detailed 
> > explanation for this yet?

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and 
who needs an SSL certificate.  We look at how SSL works, how it benefits your company and how your customers can tell 
if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your 
Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing 
management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------