Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Penetration Testing: IIS again.

IIS again.

From: <dilbert96_at_hushmail.com>
Date: Fri, 18 May 2001 08:59:27 +0000 (GMT)

Hello all,
 
 
I know there are many of these already around but here is a program I wrote
for the Unicode vulnerability which works for the IIS double-parse vulnerability.
The program simulates an interactive command prompt and allows switching
to and from cmd.exe interactively. The ZIP contains two files iisenc.pl
and exploits.txt which contains the GET strings etc. To add further strings
the format is:
 
GET /STRING tab WhatIsExpectedInReturn tab Comments
 
Regards,
 
Gary O'leary-Steele
 
P.S Anyone know where I can get a PPTP sniffer for Windows NT?
Free, encrypted, secure Web-based email at www.hushmail.com

IMPORTANT NOTICE: If you are not using HushMail, this message could have been read easily by the many people who have access to your open personal email messages.
Get your FREE, totally secure email address at http://www.hushmail.com.

Received on May 18 2001
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos