RE: Webdev fuss so what?

From: McElroy Richard (RMcElroymbe.com)
Date: Fri May 09 2003 - 14:11:00 CDT


You are absolutely not safe; I would recommend patching. I got 3 false positives off of machines that I tested as well.

-----Original Message-----
From: peter devris [mailto:peterdevrishotmail.com]
Sent: Thursday, May 08, 2003 5:17 PM
To: pen-testsecurityfocus.com
Subject: Webdev fuss so what?

What is all the fuss about the webdev vul?

I have an IIS5.0 server SP3 and thought I best check this out so tried the following to test and exploit my server

webdevfinder.pl - by SensePost Research
      returns - WebDAV possibly in use

OK looks like a problem, so now test exploit using:

webdavx.pl - by isnoxfocus.org
   returns - attempting all the offsets 0-7:
     send buffer...
      telnet target 7788
      if fail, try other offset(0-7)

    All telnet attempts failed to connect!

webdavIIS50.pl by www.infowarfare.dk
  Returns
    IIS 5.0 WebDAV BufferOverflow attack
    but fails to do anything!!

wbr.exe - ntdll.dll exploit trough WebDAV by kralor[Crpt]
     failed to nc to my listening port!

     Results:
     Checking WebDav on 'xxxx' ... FOUND
     exploiting ntdll.dll through WebDav [ret: 0x00100010]
     Connecting... CONNECTED
     Sending evil request... SENT
     Server seems to be patched.
     data: HTTP/1.1 500 Internal Server Failure
     Server: Micr╠╠ņē↕
     Hey this server is not patched!

Ok all the above failed, so I am safe?

Next step was to build a Win2k SP 1 - default install IIS5.0 and repeat all the above.

Guess what all failed, so even with SP1 and SP3 - straight out of the box I was not vuln to this WebDev exploit

So what is all of the fuss about?

During the testing both Web servers still ran and never went down.

Cheers peter
