Penetration Testing mailing list archives

Re: Re-opening an old thread: NetWare-Enterprise-Web-Server/5.1 --As sistence requested.

From: "Kevin Spett" <kspett () spidynamics com>
Date: Thu, 19 Dec 2002 17:46:15 -0500

Try POSTing the actual commands to it.  For more info on NetWare web stuff,
check out RFP's Blackhat presentation.


Kevin Spett
SPI Labs
http://www.spidynamics.com/

----- Original Message -----
From: "Ralph Los" <RLos () enteredge com>
To: <Pen-test () securityfocus com>
Sent: Wednesday, December 18, 2002 3:28 PM
Subject: Re-opening an old thread: NetWare-Enterprise-Web-Server/5.1 --As
sistence requested.

Hey - let me re-open a thread again, if you folks don't mind.  I've

found

server at one of our pen-test clients with this NetWare HTTP/HTTPS

server.

I've been trying to figure out a way to make it tango, but have been

having

some problems.  Here's what I've tried and where I left off, maybe

someone

can toss some suggestions out.

Attempt:  http://address/perl/-v
Result: NetWare port Copyright 1998 Novell Corporation.
All rights reserved.

Attempt: http://address/perl/-h
Result: Page not found

Attempt: http://address/perl/-e%20print%20%22hello%20world%22;
Result: IE just hangs there "DONE"

Attempt: http://address/perl/-e%20print%201;
Result: IE just hangs there "DONE"

So what's up?  Is this box "patched" against this form of attack

somehow?

Could someone throw me another idea maybe?

Thanks a bunch.


--------------------------------------------------------------------------
--

This list is provided by the SecurityFocus Security Intelligence Alert

(SIA)

Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please

see:

https://alerts.securityfocus.com/



----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

Re-opening an old thread: NetWare-Enterprise-Web-Server/5.1 --As sistence requested. Ralph Los (Dec 18)
- RE: Re-opening an old thread: NetWare-Enterprise-Web-Server/5.1 --As sistence requested. Bob Mahan (Dec 19)
- Re: Re-opening an old thread: NetWare-Enterprise-Web-Server/5.1 --As sistence requested. Jon DeShirley (Dec 19)
- Re: Re-opening an old thread: NetWare-Enterprise-Web-Server/5.1 --As sistence requested. C-Foo (Dec 20)
- <Possible follow-ups>
- Re: Re-opening an old thread: NetWare-Enterprise-Web-Server/5.1 --As sistence requested. Kevin Spett (Dec 19)