Security Basics mailing list archives

RE: Exploit Tool


From: "Marc Maiffret" <marc () eeye com>
Date: Thu, 14 Nov 2002 15:02:44 -0800

The hacker thing is no big secret, I've talked about it openly forever...
and hence CHO. You're incorrect about all of your facts though. The incorrect
hacking facts don't really bother me cause the past is the past so whatever.
Yah I was a bad boy :-) but that was over 5 years ago and long behind me.

Your ignorant comments made about Retina being copied are however rather
annoying to read. Retina was not copied from someone in Australia... "I can
guarantee you that". Nor does Retina have anything to do with Shadow
Security Scanner.

While I am "flattered" by people attempting to rip off our software and
completely mimic eEye, it can be a bit bothersome when people make such
blatantly false comments as the ones below.

Then again it all starts to make sense when I remember who Greg is, the
hacker nickname he used to go by, the fact that I turned you down for a job,
how jealousy can rear its ugly head. It's great that you finally got a real
job though... truly happy for you.

I would suggest though that you start putting tag lines such as "These
ignorant comments are my own, they are not the opinions of my employer".
That way your company's legal department does not become rather upset with
you when you go run your mouth making libelous comments on a public mailing
list.

Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities

| -----Original Message-----
| From: Greg van der Gaast [mailto:greg.van.der.gaast () ordina nl]
| Sent: Tuesday, November 12, 2002 4:13 AM
| To: security-basics () securityfocus com
| Subject: RE: Exploit Tool
|
|
| Retina isn't copied from SSS. I can guarantee you that. Marc Maiffret
| (eEye's Chief Hacking Officer) aka former hacker 'chameleon' of MoD fame
| (not to mention gullible enough to think terrorists were sending him
| money for his stolen DISA files, only to mysteriously find half a dozen
| special agents in his bedroom pointing a gun to his head one early
| morning), actually stole the code for the Retina backend from an
| Australian programmer in Brisbane, who will remain unnamed.
|
| Good thing we're all ethical folks, eh?
|
| Regards,
|
| Greg van der Gaast
| Ordina Public
| Security Services
|
| -----Original Message-----
| From: khayes () eastbay com [mailto:khayes () eastbay com]
| Sent: Monday, November 11, 2002 2:43 PM
| To: Leonard.Ong () nokia com
| CC: james__mcgee () hotmail com; security-basics () securityfocus com
| Subject: RE: Exploit Tool
|
|
|
| Unfortunately, I've never used Retina Scanner so I'm probably not in the
| position to claim who's copying who.  (smile)  I do know that currently SSS
| holds the spot as the 'preferred tool' for exploit identification in the
| warez/hacking scene.
|
| I've seen it used a number of times on compromised systems.  That is to
| say, someone has popped a shell of sorts and run SSS from a script.  The
| Modus Operandi seems to be they compromise one node running an FTPD.  They
| then upload SSS and a predefined scan script.  They then pass the
| appropriate commands to run SSS from the remote host to scan their real
| target(s).  Once SSS is done they FTP back on to the machine and retrieve
| the results.
|
| I'll grab a copy of Retina Scanner and tear through it now that you have my
| curiosity piqued.
|
| - KJH
|
| Ken Hayes
| Network Administrator
| Eastbay / Footlocker.com
| Wausau, WI Offices
| (715) 261-9573
| khayes () eastbay com
|
| From: <Leonard.Ong () nokia com>
| Date: 11/10/2002 07:06 PM
| To: <khayes () eastbay com>, <james__mcgee () hotmail com>
| cc: <security-basics () securityfocus com>
| Subject: RE: Exploit Tool
|
| Hi,
|
| There is one question that tickles me from long time ago.  If you check on
| Shadow Security Scanner and Retina Scanner from Eeye, they resemble each
| other.
|
| Anyone knows if they are using a common GUI, or either 'copying' the others?
|
| I found very little documentation on the official website (Russian) for SSS.
|
| Thank you
|
|
| Regards,
| Leonard Ong
| Network Security Specialist, APAC
| NOKIA
|
| Email.  Leonard.Ong () nokia com
| Mobile. +65 9431 6184
| Phone.  +65 6723 1724
| Fax.    +65 6723 1596
|
|
|
| -----Original Message-----
| From: ext khayes () eastbay com [mailto:khayes () eastbay com]
| Sent: Saturday, November 09, 2002 5:03 AM
| To: JM
| Cc: security-basics () securityfocus com
| Subject: Re: Exploit Tool
|
|
|
|
| Shadow Security Scanner is currently the hot tool in the exploit checking
| circles.  Its exploit DB is regularly updated with the latest and
| greatest.  It not only checks to see if the exploit exists, it tests the
| exploit and then reports back its findings.
|
| - You can customize your scans to include or exclude what filters/exploits
|   you want to test on.
| - You can run the test against a single IP or a range.
| - Reports are delivered in HTML format but can be exported to a number of
|   other formats
|
| Do a search at Google for it.
|
| Regards,
| - KJH
|
| Ken Hayes
| Network Administrator
| Eastbay / Footlocker.com
| Wausau, WI Offices
| (715) 261-9573
| khayes () eastbay com
|
| From: "JM" <james__mcgee () hotmail com>
| Date: 11/07/2002 11:15 AM
| To: <security-basics () securityfocus com>
| cc:
| Subject: Re: Exploit Tool
|
| Sorry for the dumb question...but someone must be able to help...
|
| There are loads of tools out there to identify vulnerabilities, I for one am
| using Retina 4.9. This is good in that it tells you exactly how to fix the
| problem.
|
| What I would like to know is if there are any tools out there that will find
| the vulnerabilities and test them, i.e. try to exploit them.
|
| For example, running the vulnerability scanner against a particular host
| lists the following as a vulnerability;
|
| Web Servers: TCP:80 - IIS HTR ISAPI CHUNKING BUFFER OVERFLOW
| DESCRIPTION:    A vulnerability in IIS involving the processing of chunked
|                 HTTP data and it's use by the HTR ISAPI, can be exploited
|                 by an attacker to remotely execute the code of his choice
| RISK LEVEL:     High
| HOW TO FIX:     Microsoft has released a hotfix to eliminate this
|                 vulnerability
| RELATED LINKS:  Microsoft Security Bulletin
|                 eEye Advisory
| CVE:            CAN-2002-0364
|
| What I would like to know is, if there is a tool that could demonstrate this
| vulnerability by exploiting it.  Of course this would be done in a test
| environment only, but it is to demonstrate the exploit to a client who
| thinks these things are rarely exploited.
|
| Thanks
|
|
| JM
|
|
| ---
| Outgoing mail is certified Virus Free.
| Checked by AVG anti-virus system (http://www.grisoft.com).
| Version: 6.0.413 / Virus Database: 232 - Release Date: 06/11/2002
|
|
|
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| The information in this e-mail, and any attachment therein, is confidential
| and for use by the addressee only.  If you are not the intended recipient,
| please return the e-mail to the sender and delete it from your computer.
| Although the Company attempts to sweep e-mail and attachments for viruses,
| it does not guarantee that either are virus-free and accepts no liability
| for any damage sustained as a result of viruses.
|

