Full Disclosure mailing list archives
Re: CORE-Impact license bypass
From: "Exibar" <exibar () thelair com>
Date: Tue, 27 Sep 2005 10:49:42 -0400
----- Original Message ----- From: "Marc Maiffret" <mmaiffret () eeye com> To: "Exibar" <exibar () thelair com>; "c0ntex" <c0ntexb () gmail com>; "Josh
Perrymon" <perrymonj () networkarmor com>; <full->d>isclosure () lists grok org uk>
Sent: Monday, September 26, 2005 4:49 PM Subject: RE: [Full-disclosure] CORE-Impact license bypass
<snip>As far as automated tools go, bah, manually exploiting the holes is certainly the way to go. But, the automated tools usually produce nice pretty reports that you can show the client. They just LOOOOOVVVVVEEEEEE pretty reports with many bright colors and such for the good stuff and dark "hacker like" colors for the bad stuff :-) Exibar<snip> I'm playing devils advocate so its not that I completely disagree but I think for the average consultant (99% of consultants) using an automated solution like Core/Canvas is going to do far more for them.
Hiya Marc! I completely agree. I actually like both methods, using an automated tool like Retina, Nessus, Foundstone, etc to find the vulns and the weaknesses, then using an individual exploit to try and penetrate that hole. Canvas / Core also have a very good use as well. They are quick, easy to use, and produce those nice reports that the clients like to see, so they get used as well. I didn't mean to imply that the consultants create their own exploits, not many I know could even begin to do that, only a couple are talented enough to do just that. Even for those very few, it's just not feasable from a time perspective. Much quick and cost effective to use what's out there. Exibar _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: CORE-Impact license bypass, (continued)
- Re: CORE-Impact license bypass c0ntex (Sep 26)
- RE: CORE-Impact license bypass Josh Perrymon (Sep 26)
- RE: CORE-Impact license bypass Todd Towles (Sep 26)
- Message not available
- Re: CORE-Impact license bypass c0ntex (Sep 26)
- Message not available
- RE: CORE-Impact license bypass Jason Jones (Sep 26)
- RE: CORE-Impact license bypass Josh Perrymon (Sep 26)
- Re: CORE-Impact license bypass c0ntex (Sep 26)
- Re: CORE-Impact license bypass Exibar (Sep 26)
- Re: CORE-Impact license bypass c0ntex (Sep 26)
- Re: CORE-Impact license bypass c0ntex (Sep 26)
- Re: CORE-Impact license bypass Exibar (Sep 27)
- Re: CORE-Impact license bypass Bernhard Mueller (Sep 27)
- Re: CORE-Impact license bypass Martin Mkrtchian (Sep 27)
- Re: CORE-Impact license bypass c0ntex (Sep 27)
- Re: CORE-Impact license bypass Andrew Simmons (Sep 27)
- Re: CORE-Impact license bypass Valdis . Kletnieks (Sep 27)
- Re: CORE-Impact license bypass Bernhard Mueller (Sep 28)
- Re: CORE-Impact license bypass sk (Sep 28)
- Re: exploit frameworks Dave Aitel (Sep 30)