Penetration Testing mailing list archives

[PEN-TEST] Proxy Penetrated


From: Roberto Poblete <roberto () ORION CL>
Date: Wed, 23 Aug 2000 09:07:23 -0500

I'm using Internet Security System 6.0.1 to test Windows NT machines.

In one test against an email and web server, this application (IS) says that my
machine is vulnerable to "Proxy Penetrated".

I asked ISS support about this and they gave me this exercise to probe the
vulnerability:

You should be manually checking for this vulnerability in this manner.
1. Telnet to port 80 on the address of the scanned host.
2. Type "HEAD http://<proxy target IP address> HTTP/1.0" and hit ENTER twice.
3. If the first digit of the return code is a 2, 3, or 4, the web server on the scanned host is configured to act as a proxy (httpproxy "Proxy Found" vulnerability).
4. If the first digit of the return code is a 2, the web server allows access to the specified proxy target (wwwproxypen "Proxy Penetrated" vulnerability).

I did this and I got code 2 as the result, but I don't know if there is a way
to exploit this vulnerability??

Any ideas???


regards,

_________________________________
Sincerely,
Roberto Poblete / email: roberto () orion cl
Phone: 6403943 / Fax: 6403990
Orion 2000
Professional Services in Information Security
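
The four-step manual check quoted in the message above, scripted for auditing a web server you administer. This is an added example, not part of the original post and not ISS's code; the function names are hypothetical, and the check names `httpproxy` and `wwwproxypen` are taken from the quoted steps.

```python
import re
import socket

# First line of an HTTP response, e.g. "HTTP/1.1 200 OK"; capture the first digit.
STATUS_RE = re.compile(r"^HTTP/\d\.\d\s+(\d)\d\d\b")


def build_request(target_url):
    """Step 2: 'HEAD <absolute URL> HTTP/1.0' followed by an empty line."""
    # Reject whitespace and control characters so the URL cannot add extra
    # header lines or a second request to what is sent.
    if not target_url.startswith("http://") or re.search(r"[\s\x00-\x1f]", target_url):
        raise ValueError("target_url must be a plain http:// URL")
    return "HEAD {} HTTP/1.0\r\n\r\n".format(target_url).encode("ascii")


def classify(status_line):
    """Steps 3 and 4: map the return code's first digit to the scanner findings."""
    match = STATUS_RE.match(status_line.strip())
    if not match:
        return []                              # not an HTTP status line
    first_digit = match.group(1)
    findings = []
    if first_digit in ("2", "3", "4"):
        findings.append("httpproxy")           # "Proxy Found"
    if first_digit == "2":
        findings.append("wwwproxypen")         # "Proxy Penetrated"
    return findings


def probe(host, target_url, port=80, timeout=5.0):
    """Step 1: connect to the scanned host, send the request, read the status line."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_request(target_url))
        data = b""
        while b"\n" not in data and len(data) < 4096:
            chunk = sock.recv(1024)
            if not chunk:                      # server closed without a full line
                break
            data += chunk
    status_line = data.split(b"\n", 1)[0].decode("latin-1").strip()
    return status_line, classify(status_line)
```

A 2xx reply is only the scanner's criterion: a server that accepts the absolute URL but answers with its own local page also returns 2xx, so compare the returned headers or body with the intended target's before treating the finding as confirmed.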

