mailing list archives
Re: Exploit Tool
From: voguemaster <hydrax () netvision net il>
Date: Sat, 09 Nov 2002 20:01:49 +0200
What you really need is a proof of concept exploit and a demonstration.
However, I'm not convinced that every security vuln has a proof of
07/11/02 21:15:31, JM <james__mcgee () hotmail com> wrote:
Sorry for the dumb question...but someone must be able to help...
There are loads of tools out there to identify vulnerabilites, I for one am
using Retina 4.9. This is good in that it tell you exactly how to fix the
What I would like to know is if there are any tools out there that will find
the vulnerabilitites and test them, i.e. Try to exploit them.
For example, running the vulnerability scanner against a particular host
list the following as a vulnerability;
Web Servers: TCP:80 - IIS HTR ISAPI CHUNKING BUFFER OVERFLOW
DESCRIPTION: A vulnerability in IIS involving the processing of
chunked HTTP data and it's use by the HTR ISAPI, can be exploited by an
attacker to remotely execute the
code of his choice
RISK LEVEL: High
HOW TO FIX: Microsoft has released a hotfix to eliminate this
RELATED LINKS: Microsoft Security Bulletin
What I would like to know is, if there is a tool that could demonstrate this
vulnerability by exploting it. Of course this would be done in a test
environment only, but it is to demonstrate the exploit to a client who
thinks these things are rarely exploited.
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.413 / Virus Database: 232 - Release Date: 06/11/2002
"There's so many different worlds
So many different suns
And we have just one world
But we live in different ones.."
- Dire Straits - "Brothers in Arms"