your a 'Adjunct Information Security Officer' and you cant even figure out a simple IIS exploit? hahahahah or where to research for one? lame....
> On Thu, 2003-02-13 at 07:58, Rapaille Max wrote: >> Hi, >> >> I did this kind of demo 2-3 times already, with a Win2k SP2 and IIS. >> To add a layer, we just added a firewall between the ISS and the >> attacker PC .. with just Port 80 incoming and, as (too)usual, All >> port open for outgoing... Just using a unicode exploit, and then >> loading some tools, defacing web page, taking remote control, etc... >> A lot of fun for Us, and great astonishment for the public.. >> Certainly with the firewall.. A lot of them where just saying, before >> the demo : We are secure, our integrator installed a firewall... >> BTW, we also used some tools ike unicoder.pl and Upload.asp, to >> demonstrate, in a second time, how easy it is, even if you don't know >> what you do... >> >> Good effect of awareness for those managers, Engineer, etc... > > That's precisely what I have in mind. > > -- > Paul Schmehl ([EMAIL PROTECTED]) > Adjunct Information Security Officer > The University of Texas at Dallas > http://www.utdallas.edu/~pauls/ > AVIEN Founding Member > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
