Penetration Testing mailing list archives

Webdev fuss so what?


From: peter devris <peterdevris () hotmail com>
Date: 9 May 2003 00:16:39 -0000



What is all the fuss about the WebDAV vuln?

I have an IIS5.0 server SP3 and thought I best check
this out so tried the following to test and exploit my
server

webdevfinder.pl - by SensePost Research
      returns - WebDAV possibly in use
 
OK looks like a problem, so now test exploit using:

webdavx.pl  - by isno () xfocus org
   returns - attempting all the offsets 0-7:
     send buffer...  
      telnet target 7788
      if fail, try other offset(0-7)
    
    All telnet attempts failed to connect!

webdavIIS50.pl by www.infowarfare.dk
  Returns
    IIS 5.0 WebDAV BufferOverflow attack
    but fails to do anything!!

wbr.exe -  ntdll.dll exploit trough WebDAV by kralor[Crpt]
     failed to nc to my listening port!

     Results:
     Checking WebDav on 'xxxx' ... FOUND
     exploiting ntdll.dll through WebDav [ret: 0x00100010]
     Connecting... CONNECTED
     Sending evil request... SENT
     Server seems to be patched.
     data: HTTP/1.1 500 Internal Server Failure
     Server: Micr╠╠ñ²↕

     Hey this server is not patched!

Ok all the above failed, so I am safe?

Next step was to build a Win2k SP 1 - default install
IIS5.0 and repeat all the above.

Guess what, all failed, so even with SP1 and SP3 -
straight out of the box I was not vuln to this WebDAV
exploit.

So what is all of the fuss about?
During the testing both Web servers still ran and never
went down.

Cheers peter
