Full Disclosure mailing list archives
RE: CORE-Impact license bypass
From: "Josh Perrymon" <perrymonj () networkarmor com>
Date: Mon, 26 Sep 2005 16:17:25 -0500
I just think that too many consultants are relying on automated tools to do their job. Don't get me wrong... I use them on every project- Nmap Nessus AMAP MetaSploit HPING2 VomiT Acunetix Etc................. For me I use the tools to help spot a vulnerable system then exploit the system using Metasploit or with a known safe exploit I have collected. I just don't know if I could pay 15k to have access to exploits. -----Original Message----- From: Marc Maiffret [mailto:mmaiffret () eeye com] Sent: Monday, September 26, 2005 4:50 PM To: Exibar; c0ntex; Josh Perrymon; full-disclosure () lists grok org uk Subject: RE: [Full-disclosure] CORE-Impact license bypass Importance: Low <snip>
As far as automated tools go, bah, manually exploiting the holes is certainly the way to go. But, the automated tools usually produce nice pretty reports that you can show the client. They just LOOOOOVVVVVEEEEEE pretty reports with many bright colors and such for the good stuff and dark "hacker like" colors for the bad stuff :-) Exibar
Why is manually exploiting holes the way to go? More so what do you mean by manually? Writing the exploit yourself? (Few consultants can do that, and even fewer can do that good). So maybe manually means downloading hax0rw4ng495's exploit off bugtraq and using that? Or? So I am curious what was the last SMB/RPC exploit that you saw that took advantage of SMB/RPC fragmentation for stealth purposes of evading IDS/IPS systems? I cant think of any that have done that but I can think of an automated exploit system (Canvas) that does just that. Or when was the last time you saw a good RPC remote exploit that was able to take advantage of all known attack vectors? 139,445,dynamicport,rpc over http, bla bla bla. But again both of the automated attack systems (canvas/core) do just that. I'm playing devils advocate so its not that I completely disagree but I think for the average consultant (99% of consultants) using an automated solution like Core/Canvas is going to do far more for them. Signed, Marc Maiffret Chief Hacking Officer eEye Digital Security T.949.349.9062 F.949.349.9538 http://eEye.com/Blink - End-Point Vulnerability Prevention http://eEye.com/Retina - Network Security Scanner http://eEye.com/Iris - Network Traffic Analyzer http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities Important Notice: This email is confidential, may be legally privileged, and is for the intended recipient only. Access, disclosure, copying, distribution, or reliance on any of it by anyone else is prohibited and may be a criminal offense. Please delete if obtained in error and email confirmation to the sender. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: CORE-Impact license bypass, (continued)
- Re: CORE-Impact license bypass Exibar (Sep 27)
- Re: CORE-Impact license bypass Bernhard Mueller (Sep 27)
- Re: CORE-Impact license bypass Martin Mkrtchian (Sep 27)
- Re: CORE-Impact license bypass c0ntex (Sep 27)
- Re: CORE-Impact license bypass Andrew Simmons (Sep 27)
- Re: CORE-Impact license bypass Valdis . Kletnieks (Sep 27)
- Re: CORE-Impact license bypass Bernhard Mueller (Sep 28)
- Re: CORE-Impact license bypass sk (Sep 28)
- Re: exploit frameworks Dave Aitel (Sep 30)
- Re: CORE-Impact license bypass Exibar (Sep 27)
- Re: CORE-Impact license bypass fd (Sep 27)
- Re: CORE-Impact license bypass c0ntex (Sep 26)