Penetration Testing mailing list archives
Re: ASP Files
From: H D Moore <hdm () digitaloffense net>
Date: Tue, 10 Dec 2002 12:39:27 -0600
Although not ASP specific, you might want to check out the "DDI_IIS_Compromised.nasl" plugin in the Nessus scanner distribution. It checks for most of the things left in the web root by your casual warez cracker. I will be submitting a slightly improved version sometime this week, but the "official" version can be found at: (possibly wrapped) http://cvs.nessus.org/cgi-bin/cvsweb.cgi/~checkout~/nessus-plugins/scripts/DDI_IIS_Compromised.nasl If you simply want to crawl an entire site and scan every single ASP script that's linked (besides a few common ones, kids really don't name their backdoors anything consistent), try looking for things like type="FILE" (for upload scripts), or common words like "execute" and "command". -HD On Tuesday 10 December 2002 09:01 am, Ian Lyte wrote:
Hi All, I'm looking for some sample .asp / .php files (preferably some captured from honeypots if at all possible) that are currently being uploaded on compromised systems.
---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- ASP Files Ian Lyte (Dec 10)
- Re: ASP Files Javier Fernández-Sanguino Peña (Dec 10)
- Re: ASP Files H D Moore (Dec 10)
- <Possible follow-ups>
- RE: ASP Files Ben Meghreblian (Dec 10)