Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Pen Test help

from [Juda Barnes] Network Security [Permanent Link]
Subject: RE: Pen Test help
Date: Sun, 17 Jul 2005 21:32:51 +0200 
Hi Moore 

        I have thought about this options therefor I tried to use the CMD
options (I didn't know we have check command)  
        Anyway   the machine have 53/tcp  open port   so if I will have the
right exploit I will be able to bind to 53 the shell

        till there I am scrue ;-(

msf iis50_webdav_ntdll(win32_exec) > check
[*] Server does not appear to be vulnerable

:(  

Well I tried most of the framework exploits none of them work.

Looking for furthere info

Thank you


 

-----Original Message-----
From: H D Moore [mailto:sflist@digitaloffense.net] 
Sent: Saturday, July 16, 2005 9:39 PM
To: pen-test@securityfocus.com
Subject: Re: Pen Test help

Could it be that the firewall is preventing you from accessing the
win32_bind port and blocking the outbound connection from win32_reverse? 
You may want to try exploiting this from an external system and using
win32_reverse with a different LPORT value (53, 25, 80, etc). If the "check"
command in the WebDAV exploit thinks the system is vulnerable, there is a
pretty good chance that it is. 

-HD

On Saturday 16 July 2005 10:14, Juda Barnes wrote:

I allready used that I am unable to get win32_reverse or win32_bind

With the two exploits nsiislog_post   and webdav_ntdll

Any other ideas ?

-----Original Message-----
From: er t [mailto:er587@hotmail.com]
Sent: Friday, July 15, 2005 5:48 PM
To: securityfocus@mymail.pent900.com; pen-test@securityfocus.com
Subject: RE: Pen Test help

Try Metasploit

NSIISLOG.DLL  -
http://www.metasploit.com/projects/Framework/exploits.html#iis_nsiislog
_post WebDav Remote exploit  MS03-007 -
http://www.metasploit.com/projects/Framework/exploits.html#iis50_webdav
_ntdl l
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  list of address that you don't want to scan, First Last
Next by Date:  RE: Bluetooth, Leandro Reox
Previous by Thread:  Re: Pen Test help, H D Moore
Next by Thread:  Re: Pen Test help, H D Moore
Indexes:  [Date] [Thread] [Top] [All Lists]