Nmap Development mailing list archives

Djalal's Status Report - #13 of 17


From: Djalal Harouni <tixxdz () opendz org>
Date: Tue, 26 Jul 2011 02:39:15 +0100

Hi,

Accomplishments:
* Updated my script idea list and other parts of the script ideas page.

* Committed Chris Woodbury's patches for the print_hex() function [1].

* Contacted metasploit developers MC and bannedit to get more information
  about the Zend Java bridge remote code execution vulnerability [2] and
  their modules, and I got a quick response from MC, thanks man :)
  (the metasploit developers are very helpful).

  It seems that the problem is on my side: I did not install/configure
  the Zend Server correctly.
  (aah it's really hard to follow the Windows software installation
  process :) ).

* Have done a lot of research about the vulnerability library, and have
  written a draft proposal for it. Finally I've also started the
  implementation, and I'll push more code soon.

* I've reviewed the Microsoft Print Spooler Impersonation vulnerability
  details (CVE-2010-2729) and prepared a vulnerable Windows for it.

* Had a meeting with Henri.


Priorities:
* Re-test the Zend Java bridge metasploit modules, confirm the
  vulnerability and finish the zend-vuln-osvdb-71420.nse script.

* Finish the vulnerability library vulns.lua

* Work on the Microsoft Print Spooler Service Impersonation vulnerability
  (CVE-2010-2729).

* Discuss with my mentor and others the idea of a vulnerability detection
  script that will use a db like OSVDB or a web service like:
  exploitsearch.net

* Continue work on my list of scripts.

[1] http://seclists.org/nmap-dev/2011/q3/315
[2] http://osvdb.org/71420

-- 
tixxdz
http://opendz.org
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

