From: 09sparky@gmail.com
Date: Thu Oct 05 2006 - 20:45:55 EDT
Next, with uploading tools/exploits: what type of tools/exploits would you use within the FrontPage root directory to actually gain system privileges? Can you run exploits from within this type of application to gain admin privileges? How do you know what its internal vulnerabilities are? I cannot run an VA tools against it from the internal network to see its Microsoft vulnerabilities (i.e plug and play). Or run tools like metasploit.
Sorry if these are foolish questions, I am just trying to get a grasp for the procedure. I did notice that this particular server did have "nc" in the Frontpage root directory (installed by hacker), but I didn't think that it could be executed from within this folder.
Also, If anyone has a link to the "tool25.dat" or other web defacement tools and/or exploits that could be run after FrontPage compromise (upload rights), I that would be great. I would be very interested in running these in our lab for further understanding/knowledge.
Thanks,
Sparky
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:08 EDT