Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Full-disclosure] CORE-Impact license bypass

from [Marc Maiffret] Network Security [Permanent Link]
Subject: RE: [Full-disclosure] CORE-Impact license bypass
Date: Mon, 26 Sep 2005 13:49:39 -0700 
<snip>

  As far as automated tools go, bah, manually exploiting the 
holes is certainly the way to go.  But, the automated tools 
usually produce nice pretty reports that you can show the 
client.  They just LOOOOOVVVVVEEEEEE pretty reports with many 
bright colors and such for the good stuff and dark "hacker 
like" colors for the bad stuff :-)

  Exibar


Why is manually exploiting holes the way to go? More so what do you mean
by manually? Writing the exploit yourself? (Few consultants can do that,
and even fewer can do that good). So maybe manually means downloading
hax0rw4ng495's exploit off bugtraq and using that? Or?

So I am curious what was the last SMB/RPC exploit that you saw that took
advantage of SMB/RPC fragmentation for stealth purposes of evading
IDS/IPS systems? I cant think of any that have done that but I can think
of an automated exploit system (Canvas) that does just that.

Or when was the last time you saw a good RPC remote exploit that was
able to take advantage of all known attack vectors?
139,445,dynamicport,rpc over http, bla bla bla. But again both of the
automated attack systems (canvas/core) do just that.

I'm playing devils advocate so its not that I completely disagree but I
think for the average consultant (99% of consultants) using an automated
solution like Core/Canvas is going to do far more for them.

Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Blink - End-Point Vulnerability Prevention
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities 

Important Notice: This email is confidential, may be legally privileged,
and is for the intended recipient only. Access, disclosure, copying,
distribution, or reliance on any of it by anyone else is prohibited and
may be a criminal offense.  Please delete if obtained in error and email
confirmation to the sender.  
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] Re: in-line coax monitoring device, Michael Holstein
Next by Date:  RE: [Full-disclosure] Re: Request to publish your Proof of Concept(esc1.html), ad
Previous by Thread:  Re: [Full-disclosure] CORE-Impact license bypass, c0ntex
Next by Thread:  Re: [Full-disclosure] CORE-Impact license bypass, Exibar
Indexes:  [Date] [Thread] [Top] [All Lists]