go to nmap.ru and xspider.ru ----- Original Message ----- From: "JM" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, November 07, 2002 10:15 PM Subject: Re: Exploit Tool
> > > > Sorry for the dumb question...but someone must be able to help... > > There are loads of tools out there to identify vulnerabilites, I for one am > using Retina 4.9. This is good in that it tell you exactly how to fix the > problem. > > What I would like to know is if there are any tools out there that will find > the vulnerabilitites and test them, i.e. Try to exploit them. > > For example, running the vulnerability scanner against a particular host > list the following as a vulnerability; > > Web Servers: TCP:80 - IIS HTR ISAPI CHUNKING BUFFER OVERFLOW > DESCRIPTION: A vulnerability in IIS involving the processing of > chunked HTTP data and it's use by the HTR ISAPI, can be exploited by an > attacker to remotely execute the > code of his choice > RISK LEVEL: High > HOW TO FIX: Microsoft has released a hotfix to eliminate this > vulnerability > RELATED LINKS: Microsoft Security Bulletin > eEye Advisory > CVE: CAN-2002-0364 > > What I would like to know is, if there is a tool that could demonstrate this > vulnerability by exploting it. Of course this would be done in a test > environment only, but it is to demonstrate the exploit to a client who > thinks these things are rarely exploited. > > Thanks > > > JM > > > --- > Outgoing mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.413 / Virus Database: 232 - Release Date: 06/11/2002 > >
