RE: Some Few Doubts on IIS Vuln

[kaps lock <secnerdkaps () yahoo com>]

Thanks for your reply Dave,

Basically i was asking how to determine nessus results
to be false positives or actual holes in network.

As i percieve i think if i craft the same request for
an attack ,i cud decide based on response whther its a
false positives or not..but am failing to craft those
requests coz i don;t know how to...

like uploading a test.html file and deleting it on a
webserver ..i hav no clue how to craft a equest which
cud actually uplod a file and delete it.So basically
how can i trsut nessus on tht.

then finding the Authentication mechanism behind a
given smtp server seems to be a big vulnerabilty but
how cud i determine whther nessus was true bout it or
not...coz i don't know how i cud actually craft a
request which would help me determine the
authentication mechanism or fail me.

thanks for the pointer on wfetch it seems like a great
tool but i still need to know 
1) a good place where i cud learn crafting same
requests a s nessus seeing results to ascertain as a
false positive or not.

2)or if you coudl teach me a process of how you go
about deciding whther a result is false positive or
not.
thanks
kaps
--- dave kleiman <dave () isecureu com> wrote:

> Kaps,
>
> You did not specify what you did the NESSUS scan on,
> but I will take a shot
> that that it sounds like IIS5.
>
> 1.  .IDA ISAPI can be many things, for example, the
> Index Service running
> provides for administrative scripts .IDA files. 
> Installing URLScan will
> block these requests, and provide you with a log of
> the attempt, therefore
> you would see what Nessus was attempting.
http://www.microsoft.com/downloads/details.aspx?familyid=23d18937-dd7e-4613-
> 9928-7f94ef1c902a&displaylang=en
>
> 2.  Wfetch will let you do those commands manually:
http://download.microsoft.com/download/d/e/5/de5351d6-4463-4cc3-a27c-3e22742
> 63c43/wfetch.exe
>
> 3.  Since we do not know what mail server or what
> authentication it uses
> this might be difficult.
>
> 4.  Have you visited the documentation on
> http://www.nessus.org/  ??
>
> Regards,
>
> ____________________________________________
> Dave Kleiman, CIFI, CISM, CISSP, ISSMP, MCSE
>
> www.SecurityBreachResponse.com
>
>
> -----Original Message-----
> From: kaps lock [mailto:secnerdkaps () yahoo com]
> Sent: Monday, January 31, 2005 12:29
> To: security-basics () securityfocus com
> Subject: Some Few Doubts on IIS Vuln
>
>
> hi all,
> I did a VA scan using nESSUS and was need help in
> the analysis part of it
> and inturn learn more :
>
> 1).IDA ISAPI filter mapped
>    What does mapped means?Could anyone tell me what
> exactly this filter is
> used for and what is a .ida extension ,i mean i know
> code red and all but
> still wud like to know what is the function of this
> filter and wht a .ida
> extension is ?an example string ....if anyone knows
> to test this vuln on
> server tht i cud use as a manual penetration tsting
> tip?
>
> 2)if i find a server on which u can successfull
> upload and delete a file say
> test.html with PUT and DELETE.How could i manually
> actually do this on the
> server ,basically how to craft that attack or how to
> go about it.
>
> 3)The mail server on a specially crafted GET request
> reveals the
> authentication mechanism??
> What reuqest by Nessus made this conclusion?any tips
>
> 4)too many arguements on the ACCEPT command can
> crash the server..now this
> is surely a false positive but i cud i make it for
> sure?
>
> thanks all...
>
>
>
> __________________________________
> Do you Yahoo!?
> Take Yahoo! Mail with you! Get it on your mobile
> phone.
> http://mobile.yahoo.com/mail



                
__________________________________ 
Do you Yahoo!? 
Read only the mail you want - Yahoo! Mail SpamGuard. 
http://promotions.yahoo.com/new_mail