Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

NEW IIS tools

From: Javier Fernandez-Sanguino Peña <jfernandez () sgi es>
Date: Mon, 16 Jul 2001 20:08:27 +0200

        Yes, I know there are quite a number of unicode tools out there (Kevin
Timm's fire-runner, H D Moore's unicoder.pl, sec-1's iisenc.pl, Ian
Vitek's briiis.pl), however I promised it and here I release a new one.

        Hopefully, since it's GPL, I can add contributions in order to fix the
many TODOs I still have left. Still, these tools are usable enough.

I include with this mail some tools I have developed in order to do
penetration tests in IIS servers. Included are:

1.- unicode-shell. Simulates a shell to execute commands to an IIS
server. It's really delightful to do a 'ls' and see the results as if
using a troyan (netcat) in the remote server.

2.- echo-files. Allows remote generation of *any* file in an IIS server.
This program generates the commands that can be given to a
non-interactive execution of unicode-shell in order to use the IIS
server as an FTP server.

With this two tools you can penetrate-test an IIS server including file 
downloads (using uuencode or adjointed 'netsend').

3.- Downloadasp. This tool uses know vulnerabilities in IIS to download
the source for ASPs in order to do a code audit in search of known bad
habits in programming (like using user's input to generate SQL queries).

4.- findasp.  This tool takes a local copy of a webserver and outputs a
list of asp files.

Findasp can "feed" downloadasp in order to retrieve the whole source of
an IIS server.

        I hope this four tools are useful for penentration testers out there. I
would like to receive bug reports and improvements (although I will not
be doing penetration testing for some time, so I might not be quick to
answer). 

        Best regards

        Javier Fernández-Sanguino Peña

Attachment: unicode-shell.pl
Description:

Attachment: echo-files.pl
Description:

Attachment: downloadasp.pl
Description:

Attachment: findasp.pl
Description: 

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Previous By Date Next
Previous By Thread Next

Current thread: