Libwhisker is a perl module for performing whisker CGI vulnerability checks. It adds a vast array of functionality and has robust functions that are geared toward network auditing. Function reference available here.
MD5: 06ac9f0f28d5269c893937e03d342c64
Whisker is a high quality URL scanner which is used to search for known vulnerable CGIs on websites. Whisker does this by both scanning the CGIs directly as well as crawling the website in order to determine what CGIs are already currently in use. Whisker is scriptable and is easily tailored to do lots of flexible web scanning. Very stealthy. Implemented anti-IDS techniques. Lots of options. Reads in nmap output, files full of domains, or single host. Virtual host, Proxy, and SSL support.

MD5: cb51d20dad52350c93845fdc6829d577
Libwhisker is a perl module for performing whisker CGI vulnerability checks. It adds a vast array of functionality and has robust functions that are geared toward network auditing.

MD5: 321791a97018d7ea19009201f1d6f59c
RFP2201 - MS Site Server Evilness. Security considerations to keep in mind when using Site Server 3.0. Includes info on a LDAP_Anonymous account w/ default password, information leakage and more via administrative pages, information leakage via _mem_bin pages, Cross-site scripting in various files, anonymous LDAP access, user publishing of files, Content publishing (cphost.dll) issues, and more.

MD5: e2d780dcf2358bfa5f20ab1ee03d4253
Details and source diffs for the wu-ftpd v2.6.1 remote overflow vulnerability. By leaving off closing ']' and '}' characters, it's possible to get the glob function to construct a long string which very well may overflow a buffer in gzip v1.2.4.

MD5: 9afb781f1eb9dc807231073297c6358e
Libwhisker is a perl module for performing whisker CGI vulnerability checks. This is a preview release.

MD5: 859aeb6d3a54ca680487199d965afd49
Packet Storm Contest Entry - Purgatory 101: Learning to cope with the SYNs of the Internet. (Text Format)

MD5: c110cd8bef1740afe99517c838c3f297
RFP2101 - SQL hacking user logins in PHP-Nuke web portal. PHP-Nuke v4.3 contains authentication weaknesses in the SQL code which allows you to impersonate other users and retrieve their password hashes.

MD5: 3570beaf791c09186294e288c2be8fa3
whisker v1.40 with native SSL support. Adds a -x option which uses the Net::SSLeay perl module and OpenSSL. Whisker is what I've dubbed a 'next generation' CGI scanner. I've implemented anti-IDS checks into the scan. Includes over 200 checks. Lots of options. Reads in nmap output, files full of domains, or single host. Virtual host support. Proxy support. Can be used as a CGI.

MD5: f7dc98073ab34f8f2717f8dcda302b80
RFPolicy 2.0 - rain forest puppy's policy on notifying vendors and releasing security vulnerabilities.

MD5: 4bb04bf50ab00e365ec966deb62c2a7a
rain forest puppy's investigation of the recent Microsoft IIS remote command execution vulnerability which was first mentioned in MS00-078. UNICODE character translation on foreign IIS 4.0 and 5.0 servers allows additional ways of encoding '/' and '\', allowing commands to be executed under the IUSR_machine context.

MD5: 0747c7e7a7c3fccad5338bc0d6e7aed9
whisker is what I've dubbed a 'next generation' CGI scanner. It is Scriptable. It's a programming-ish language that is tailored to do lots of flexible web scanning. Very stealthy. I've implemented anti-IDS checks into the scan. Includes over 200 checks. Lots of options. Reads in nmap output, files full of domains, or single host. Virtual host support. Proxy support. Can be used as a CGI.

MD5: 82bfffab803d74c8d6e064e3c4533a34
NetProwler 3.0, a network based intrusion detection system, has a remote denial of service vulnerability. The software crashes when two fragmented IP packets are sent to an IP address that it is profiling. Netprowler must be profiling ftp in order for the exploit to work. Please note that Netprowler logs all incoming alerts to a Microsoft .mdb file. Please read RFP2K04.txt for more information.

MD5: 5bd530cb9b410972d046a033cfbf8ecd
RFP2K04 - Mining BlackICE with RFPickAxe. BlackICE IDS uses a management console called ICECap to collect and monitor alerts sent by the various installed BlackICE agents. The ICECap user console sits on port 8081 and has the default login of 'iceman' with no password. The second problem is that the software uses, by default, the Microsoft Jet 3.5 engine to store alerts. If you couple that with the shell VBA problem, that means you can push alerts that contain commands to be executed on the ICECap system. Includes RFPickaxe.pl demo exploit.

MD5: 7ab3538c3154d81d5551eca38825fbea
Through a netbios session request packet with a NULL source name, Windows 9[5,8] show a number of odd responses. Everything from lockups, reboots and "the blue screen of death", to total loss of network connectivity. Source code included. Reverse engineered from a binary exploit already in use.

MD5: afd8c701cbf04d7eb15f97b7514bf03a
RFP2K03 - Contemplations on dvwssr.dll and how it affects life. Lots of information here. Also includes a fixed version of the perl exploit.

MD5: a0e102ff20a8533fc809e1c21dc5dc20
RFP2K02 - "Netscape engineers are weenies!" AKA a back door in Microsoft FrontPage extensions/authoring components. Anyone with web authoring permission can use a backdoor in dvwssr.dll to read .asp (and .asa) files under the web root. As Microsoft has told me, the immediate problem is more so the fact that any developer of one particular virtual site can download the .asp code of other virtual sites on the same system. Includes dvwssr.pl, a perl based exploit.

MD5: 1fc3a6e3ab7d3f3b36ff21e5cc7a588e
Exploit information for the "Virtualized UNC Share" problem talked about in MS00-019 which yields the source of .asp files.

MD5: 8c156cef23f80484481a45aa924f138b
"How I hacked PacketStorm Forums" - A look at hacking wwwthreads via SQL. This is more of a technical paper than an advisory, but it does explain how I used a vulnerability in the wwwthreads package to gain administrative access and some 800 passwords to PacketStorm's discussion forum.

MD5: 65e9cf41f0a4751b028b031d3a85685e
Exploit for the new NT remote DoS and possible compromise. NT 4.0 server and workstation are vulnerable, even with SP level 1, 3, 5, or 6.

MD5: 0f740d5d2650f45cced8bb795dd24f8a
Source for RFPoison, a NT remote DoS. NT 4.0 server and workstation are vulnerable, even with SP level 1, 3, 5, or 6.

MD5: f26384176158aff289f4bb80a692931b
Packet Storm Contest Entry - Purgatory 101: Learning to cope with the SYNs of the Internet.

MD5: 14348b374f59c15e3271189eba68ff75
A look at whisker's anti-IDS tactics. Anti-Intrusion Detection System (IDS) tactics were one of the original key features of my whisker web scanner. The goal of any anti-IDS tactic is to mutate a request so much that the ID systems will get confused, but the web server will still be able to understand it, hence the subtitle "just how bad can we ruin a good thing?".

MD5: 6e9e8b5619afc566d44fa31da9f45b34
More information on the vulnerability described in MS99-061, a problem in IIS that causes it to parse invalid escape sequences, allowing a carefully made string to bypass IDS systems, ISAPI filters, and extension handlers. Includes a perl script to test for vulnerability.

MD5: 0af787a2fcf7d7bcecc7e44df69fa355
whisker is what I've dubbed a 'next generation' CGI scanner. It is Scriptable. It's a programming-ish language that is tailored to do lots of flexible web scanning. Very stealthy. I've implemented anti-IDS checks into the scan. Includes over 200 checks. Lots of options. Reads in nmap output, files full of domains, or single host. Virtual host support. Proxy support.