Home page logo
/

basics logo Security Basics mailing list archives

Re: Exploit Tool
From: khayes () eastbay com
Date: Fri, 8 Nov 2002 13:03:04 -0800



Shadow Security Scanner is currently the hot tool in the exploit checking
circles.  It's exploit DB is regularly updated with the latest and
greatest.  It not only checks to see if the exploit exists, it tests the
exploit and then reports back it's findings.

- You can customize your scans to include or exclude what filters/exploits
you want to test on.
- You can run the test against a single IP or a range.
- Reports are delivered in HTML format but can be exported to a number of
other formats

Do a search at Google for it.

Regards,
- KJH

Ken Hayes
Network Administrator
Eastbay / Footlocker.com
Wausau, WI Offices
(715) 261-9573
khayes () eastbay com



                                                                                                                        
   
                                                                                                                        
   
                                                                                                                        
   
                                                                                                                        
   
                                       To:     <security-basics () securityfocus com>                                   
      
                                       cc:                                                                              
   
              "JM"                     Subject:  Re: Exploit Tool                                                       
   
              <james__mcgee () hotmail co                                                                               
      
              m>                                                                                                        
   
                                                                                                                        
   
              11/07/2002 11:15 AM                                                                                       
   
                                                                                                                        
   
                                                                                                                        
   







Sorry for the dumb question...but someone must be able to help...

There are loads of tools out there to identify vulnerabilites, I for one am
using Retina 4.9. This is good in that it tell you exactly how to fix the
problem.

What I would like to know is if there are any tools out there that will
find
the vulnerabilitites and test them, i.e. Try to exploit them.

For example, running the vulnerability scanner against a particular host
list the following as a vulnerability;

Web Servers: TCP:80 - IIS HTR ISAPI CHUNKING BUFFER OVERFLOW
DESCRIPTION:            A vulnerability in IIS involving the processing of
chunked HTTP data and it's use by the HTR ISAPI, can be exploited by an
attacker to                                         remotely execute the
code of his choice
RISK LEVEL:                High
HOW TO FIX:                Microsoft has released a hotfix to eliminate
this
vulnerability
RELATED LINKS:        Microsoft Security Bulletin
                                        eEye Advisory
CVE:                            CAN-2002-0364

What I would like to know is, if there is a tool that could demonstrate
this
vulnerability by exploting it.  Of course this would be done in a test
environment only, but it is to demonstrate the exploit to a client who
thinks these things are rarely exploited.

Thanks


JM


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.413 / Virus Database: 232 - Release Date: 06/11/2002



- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - -
The information in this e-mail, and any attachment therein, is confidential
and for use by the addressee only.  If you are not the intended recipient,
please return the e-mail to the sender and delete it from your computer.
Although the Company attempts to sweep e-mail and attachments for viruses,
it does not guarantee that either are virus-free and accepts no liability
for any damage sustained as a result of viruses.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault