mailing list archives
Re: Exploit Tool
From: "TAJiK" <t4jik () mail ru>
Date: Fri, 8 Nov 2002 22:33:30 +0300
go to nmap.ru and xspider.ru
----- Original Message -----
From: "JM" <james__mcgee () hotmail com>
To: <security-basics () securityfocus com>
Sent: Thursday, November 07, 2002 10:15 PM
Subject: Re: Exploit Tool
Sorry for the dumb question...but someone must be able to help...
There are loads of tools out there to identify vulnerabilites, I for one
using Retina 4.9. This is good in that it tell you exactly how to fix the
What I would like to know is if there are any tools out there that will
the vulnerabilitites and test them, i.e. Try to exploit them.
For example, running the vulnerability scanner against a particular host
list the following as a vulnerability;
Web Servers: TCP:80 - IIS HTR ISAPI CHUNKING BUFFER OVERFLOW
DESCRIPTION: A vulnerability in IIS involving the processing of
chunked HTTP data and it's use by the HTR ISAPI, can be exploited by an
attacker to remotely execute the
code of his choice
RISK LEVEL: High
HOW TO FIX: Microsoft has released a hotfix to eliminate
RELATED LINKS: Microsoft Security Bulletin
What I would like to know is, if there is a tool that could demonstrate
vulnerability by exploting it. Of course this would be done in a test
environment only, but it is to demonstrate the exploit to a client who
thinks these things are rarely exploited.
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.413 / Virus Database: 232 - Release Date: 06/11/2002