Penetration Testing mailing list archives
[PEN-TEST] Proxy Penetrated
From: Roberto Poblete <roberto () ORION CL>
Date: Wed, 23 Aug 2000 09:07:23 -0500
I´m using Internet Security System 6.0.1 to test Windows NT machines. In one test to and email and web server this application (IS) says that my machine is vulnerable "Proxy Penetrated" I ask about this to ISS support and they give this exercise to probe the vulnerability: You should be manualling checking for this vulnerability in this manner. 1. Telnet to port 80 on the address of the scanned host. 2. Type "HEAD http://<proxy target IP address> HTTP/1.0" and hit ENTER twice. 3. If the first digit of the return code is a 2, 3, or 4, the web server on the scanned host is configured to act as a proxy (httpproxy "Proxy Found" vulnerability). 4. If the first digit of the return code is a 2, the web server allows access to the specified proxy target (wwwproxypen "Proxy Penetrated" vulnerability). I do this and I have the code 2 as result, but I don´t know if exist a way to exploit this vulnerability?? any idea??? regards, _________________________________ Atte, Roberto Poblete / email: roberto () orion cl fono: 6403943 / Fax: 6403990 Orion 2000 Servicios Profesionales en Seguridad Informática
Current thread:
- [PEN-TEST] Auditing for Malicious Tools Netsecure (Aug 21)
- Re: [PEN-TEST] Auditing for Malicious Tools Max Vision (Aug 22)
- [PEN-TEST] Proxy Penetrated Roberto Poblete (Aug 24)
- Re: [PEN-TEST] Proxy Penetrated Vanja Hrustic (Aug 24)
- Re: [PEN-TEST] Proxy Penetrated Max Vision (Aug 24)
- [PEN-TEST] Proxy Penetrated Roberto Poblete (Aug 24)
- <Possible follow-ups>
- Re: [PEN-TEST] Auditing for Malicious Tools Curphey, Mark (ISS Atlanta) (Aug 22)
- Re: [PEN-TEST] Auditing for Malicious Tools H Carvey (Aug 23)
- Re: [PEN-TEST] Auditing for Malicious Tools Netsecure (Aug 22)
- Re: [PEN-TEST] Auditing for Malicious Tools Brian Pennington (Aug 22)
- Re: [PEN-TEST] Auditing for Malicious Tools Knowledgebase i-Net Security (Aug 23)
- Re: [PEN-TEST] Auditing for Malicious Tools Steve (Aug 23)
- Re: [PEN-TEST] Auditing for Malicious Tools Curphey, Mark (ISS Atlanta) (Aug 23)
- Re: [PEN-TEST] Auditing for Malicious Tools Max Vision (Aug 22)