Penetration Testing mailing list archives
RE: Webdev fuss so what?
From: "McElroy Richard" <RMcElroy () mbe com>
Date: Fri, 9 May 2003 15:11:00 -0400
You are absolutley not safe I would recommend patching. I got 3 false positives off of machines that I tested as well. -----Original Message----- From: peter devris [mailto:peterdevris () hotmail com] Sent: Thursday, May 08, 2003 5:17 PM To: pen-test () securityfocus com Subject: Webdev fuss so what? What is all the fuss about the webdev vul? I have an IIS5.0 server SP3 and thought I best check this out so tried the following to test and exploit my server webdevfinder.pl - by SensePost Research returns - WebDAV possibly in use OK looks like a problem, so now test exploit using: webdavx.pl - by isno () xfocus org returns - attempting all the offsets 0-7: send buffer... telnet target 7788 if fail, try other offset(0-7) All telnet attempts failed to connect! webdavIIS50.pl by www.infowarfare.dk Returns IIS 5.0 WebDAV BufferOverflow attack but fails to do anything!! wbr.exe - ntdll.dll exploit trough WebDAV by kralor[Crpt] failed to nc to my listening port! Results: Checking WebDav on 'xxxx' ... FOUND exploiting ntdll.dll through WebDav [ret: 0x00100010] Connecting... CONNECTED Sending evil request... SENT Server seems to be patched. data: HTTP/1.1 500 Internal Server Failure Server: Micr╠╠ñ²↕ Hey this server is not patched! Ok all the above failed, so I am safe? Next step was to build a Win2k SP 1 - default install IIS5.0 and repeat all the above. Guess what all failed, so even with SP1 and SP3 - straight out of the box I was not vuln to this WebDev exploit So what is all of the fuss about? During the testing both Web servers still ran and never when down. Cheers peter --------------------------------------------------------------------------- Did you know that you have VNC running on your network? Your hacker does. Plug your security holes. Download a free 15-day trial of VAM: http://www.securityfocus.com/StillSecure-pen-test ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Did you know that you have VNC running on your network? Your hacker does. Plug your security holes. Download a free 15-day trial of VAM: http://www.securityfocus.com/StillSecure-pen-test ----------------------------------------------------------------------------
Current thread:
- Webdev fuss so what? peter devris (May 09)
- Re: Webdev fuss so what? mvillanova (May 11)
- <Possible follow-ups>
- RE: Webdev fuss so what? McElroy Richard (May 09)