Re: Exploitable vulnerabilities in Microsoft IIS/7.0

[Marcelo Ferreira de Carvalho <marcelocarvalho09 () hotmail com>]

Is really difficult find out a exploitable vulnerability on IIS, because 
microsoft has been spend a big effort to look for privately vulnerability 
every monthy. Just to you hv a good idea the last most powerful threat 
discovery of the earth THE FLAME, uses a stolen digital certificate instead 
exploitable code

actually mostly casual or acidental bug are discovered..but the first 
technical step to take is use a good fuzzer like 
http://lcamtuf.coredump.cx/cross_fuzz/cross_fuzz_randomized_20110105_seed.html#-939906642, 
and the next step if you hv luck and find out a Access Violation memory u 
can debug it with windbg and build your exploit...

I advise u add some good researchers  on your twitter to be on line and 
learn abt last discoveries and who knows a Zero days..

marcelo carvalho

-----Original Message----- 
From: Nikhil Varghese
Sent: Thursday, June 07, 2012 1:58 PM
To: security-basics () securityfocus com
Subject: Re: Exploitable vulnerabilities in Microsoft IIS/7.0

I think exploit development in windows is too difficult. I really
don't know where to start. The only experience I have is in using
metasploit.

Which is the best resource I can get to develop windows exploits?


On Wed, Jun 6, 2012 at 11:37 PM, Nikhil Varghese <nkvp.93 () gmail com> wrote:
> I found two more vulnerabilities, but i still don't have any way of
> testing them on my system.
>
> http://www.securitytracker.com/id/1024079
> http://www.securitytracker.com/id/1024440
>
> I tried to develop my own exploit but the information is too vague. It
> would be useful if anyone has an exploit or can help me out in anyway
> possible.
>
>
>
> On Wed, Jun 6, 2012 at 11:13 PM, Nikhil Varghese <nkvp.93 () gmail com> 
> wrote:
> > Are there any vulnerabilities in Microsoft IIS/7.0 that are
> > exploitable? I found one:
> > http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0074.
> > However, i could not find any metasploit exploit for the vulnerability.
> >
> > How can I test if my IIS server is vulnerable since i run Microsoft
> > IIS/7.0 in my system? Has anyone written an exploit/detailed
> > explanation for this yet?

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL 
certificate.  We look at how SSL works, how it benefits your company and how 
your customers can tell if a site is secure. You will find out how to test, 
purchase, install and use a thawte Digital Certificate on your Apache web 
server. Throughout, best practices for set-up are highlighted to help you 
ensure efficient ongoing management of your encryption keys and digital 
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------