Full Disclosure mailing list archives
RE: Unusual request
From: "badpack3t" <badpack3t () security-protocols com>
Date: Thu, 13 Feb 2003 12:42:52 -0500 (EST)
You're an 'Adjunct Information Security Officer' and you can't even figure out a simple IIS exploit? hahahahah or where to research for one? lame....
On Thu, 2003-02-13 at 07:58, Rapaille Max wrote:

Hi, I did this kind of demo 2-3 times already, with a Win2k SP2 and IIS. To add a layer, we just added a firewall between the IIS and the attacker PC .. with just port 80 incoming and, as (too) usual, all ports open for outgoing...

Just using a unicode exploit, and then loading some tools, defacing web page, taking remote control, etc... A lot of fun for us, and great astonishment for the public.. Certainly with the firewall.. A lot of them were just saying, before the demo: We are secure, our integrator installed a firewall...

BTW, we also used some tools like unicoder.pl and Upload.asp, to demonstrate, in a second time, how easy it is, even if you don't know what you do... Good effect of awareness for those managers, engineers, etc...

That's precisely what I have in mind.

--
Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/~pauls/
AVIEN Founding Member

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html