Home page logo
/

basics logo Security Basics mailing list archives

Re: Exploit Tool
From: "TAJiK" <t4jik () mail ru>
Date: Fri, 8 Nov 2002 22:33:30 +0300

go to nmap.ru and xspider.ru

----- Original Message -----
From: "JM" <james__mcgee () hotmail com>
To: <security-basics () securityfocus com>
Sent: Thursday, November 07, 2002 10:15 PM
Subject: Re: Exploit Tool





Sorry for the dumb question...but someone must be able to help...

There are loads of tools out there to identify vulnerabilites, I for one
am
using Retina 4.9. This is good in that it tell you exactly how to fix the
problem.

What I would like to know is if there are any tools out there that will
find
the vulnerabilitites and test them, i.e. Try to exploit them.

For example, running the vulnerability scanner against a particular host
list the following as a vulnerability;

Web Servers: TCP:80 - IIS HTR ISAPI CHUNKING BUFFER OVERFLOW
DESCRIPTION:            A vulnerability in IIS involving the processing of
chunked HTTP data and it's use by the HTR ISAPI, can be exploited by an
attacker to                                         remotely execute the
code of his choice
RISK LEVEL:                High
HOW TO FIX:                Microsoft has released a hotfix to eliminate
this
vulnerability
RELATED LINKS:        Microsoft Security Bulletin
                                        eEye Advisory
CVE:                            CAN-2002-0364

What I would like to know is, if there is a tool that could demonstrate
this
vulnerability by exploting it.  Of course this would be done in a test
environment only, but it is to demonstrate the exploit to a client who
thinks these things are rarely exploited.

Thanks


JM


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.413 / Virus Database: 232 - Release Date: 06/11/2002





  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]