Security Basics mailing list archives

Re: Exploit Tool
From: voguemaster <hydrax () netvision net il>
Date: Sat, 09 Nov 2002 20:01:49 +0200

What you really need is a proof of concept exploit and a demonstration.
However, I'm not convinced that every security vuln has a proof of
concept exploit.


07/11/02 21:15:31, JM <james__mcgee () hotmail com> wrote:

Sorry for the dumb question...but someone must be able to help...

There are loads of tools out there to identify vulnerabilities, I for one am
using Retina 4.9. This is good in that it tells you exactly how to fix the

What I would like to know is if there are any tools out there that will find
the vulnerabilities and test them, i.e. try to exploit them.

For example, running the vulnerability scanner against a particular host
lists the following as a vulnerability;

DESCRIPTION:    A vulnerability in IIS involving the processing of
                chunked HTTP data and it's use by the HTR ISAPI, can be
                exploited by an attacker to remotely execute the code of
                his choice
RISK LEVEL:     High
HOW TO FIX:     Microsoft has released a hotfix to eliminate this
RELATED LINKS:  Microsoft Security Bulletin
                eEye Advisory
CVE:            CAN-2002-0364

What I would like to know is, if there is a tool that could demonstrate this
vulnerability by exploiting it.  Of course this would be done in a test
environment only, but it is to demonstrate the exploit to a client who
thinks these things are rarely exploited.




"There's so many different worlds
 So many different suns
 And we have just one world
 But we live in different ones.."
 - Dire Straits - "Brothers in Arms"
