From: Jamie Riden (jamesr@europe.com)
Date: Fri Oct 06 2006 - 16:14:21 EDT
On 6 Oct 2006 00:45:55 -0000, 09sparky@gmail.com <09sparky@gmail.com> wrote:
> Trying to get some clarification for myself: Ok, so I have full access to the FrontPage server application (via no password set). I am able to upload/download/delete/etc. At this point you could already deface the website. Why would you use a tool like tool25.dat? I am not familiar with this tool, but is it used to gain access to a web server, or used after you already have upload/download privileges?
tool25.dat and other scripts have functionality that can include
connecting to mysql, mssql, oracle, postgres databases, browsing
directories, sending email and of course trying a variety of different
ways to execute system commands.
for example, see
http://www.google.com/search?hl=en&lr=&q=%22Defacing+Tool+2.0+by+r3v3ng4ns%22&btnG=Search
In some ways, they're the web equivalent of the tgz's full of local
privilege escalation exploits that people like to upload.
There is probably an ASP equivalent - all of the ones I have looked at
are for PHP.
cheers,
Jamie
-- Jamie Riden, CISSP / jamesr@europe.com / jamie.riden@gmail.com NZ Honeynet project - http://www.nz-honeynet.org/ ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:08 EDT