Libwhisker is a perl module for performing whisker CGI vulnerability checks. It adds a vast array of functionality and has robust functions that are geared toward network auditing. Function reference available here.
e542ac10fc69358b71c76c10dd0673cf046d45a5dd590997990739ebf75ff405
Whisker is a high quality URL scanner which is used to search for known vulnerable CGIs on websites. Whisker does this by both scanning the CGIs directly as well as crawling the website in order to determine what CGIs are already currently in use. Whisker is scriptable and is easily tailored to do lots of flexible web scanning. Very stealthy. Implemented anti-IDS techniques. Lots of options. Reads in nmap output, files full of domains, or single host. Virtual host, Proxy, and SSL support.
bb25191bfef42806daa43d9a10273c4099163ab1ae7d71209cd042cdc856db9e
Libwhisker is a perl module for performing whisker CGI vulnerability checks. It adds a vast array of functionality and has robust functions that are geared toward network auditing.
8bd72d0828a11d981434fbf42ec6062d4b0709e587674d8589f97365b5a266ee
RFP2201 - MS Site Server Evilness. Security considerations to keep in mind when using Site Server 3.0. Includes info on a LDAP_Anonymous account w/ default password, information leakage and more via administrative pages, information leakage via _mem_bin pages, Cross-site scripting in various files, anonymous LDAP access, user publishing of files, Content publishing (cphost.dll) issues, and more.
b2d879527af4c0745a0200f6764a9f8cc7188c198d4129e7315d2cc73fe7ec08
Details and source diffs for the wu-ftpd v2.6.1 remote overflow vulnerability. By leaving off closing ']' and '}' characters, it's possible to get the glob function to construct a long string which very well may overflow a buffer in gzip v1.2.4.
30748757c260928c611e88fd96b30631aba28b1ad1813970dcd5a76a1ab7932d
Libwhisker is a perl module for performing whisker CGI vulnerability checks. This is a preview release.
960d4be891522dd39a4a6fc33fd4765ddb81bffe80c0002f1a0f8c849c9e1977
Packet Storm Contest Entry - Purgatory 101: Learning to cope with the SYNs of the Internet. (Text Format)
43284d288da9f2331d1bd5c0d9a900b6ffaf2f5af2659be61d5f41dde2c20fc5
RFP2101 - SQL hacking user logins in PHP-Nuke web portal. PHP-Nuke v4.3 contains authentication weaknesses in the SQL code which allows you to impersonate other users and retrieve their password hashes.
cc5049f1f163f63deea98dbb2a421e75f15ed91bb1c34e3487646b61d0d36b8d
whisker v1.40 with native SSL support. Adds a -x option which uses the Net::SSLeay perl module and OpenSSL. Whisker is what I've dubbed a 'next generation' CGI scanner. I've implemented anti-IDS checks into the scan. Includes over 200 checks. Lots of options. Reads in nmap output, files full of domains, or single host. Virtual host support. Proxy support. Can be used as a CGI.
b08da8795124f5cedfed471dc8c6fdce6b7cc819512817bb29e50ed6a5ac34ce
RFPolicy 2.0 - rain forest puppy's policy on notifying vendors and releasing security vulnerabilities.
292c943bdd96a7ec03da8dac3e27832c587f3bcc55001ecabfda4ad18b74786b
rain forest puppy's investigation of the recent Microsoft IIS remote command execution vulnerability which was first mentioned in MS00-078. UNICODE character translation on foreign IIS 4.0 and 5.0 servers allows additional ways of encoding '/' and '\', allowing commands to be executed under the IUSR_machine context.
2b1c446965eae66c719dc5275df8c83c036b0c35b914f77fa9b14f18472713f1
whisker is what I've dubbed a 'next generation' CGI scanner. It is Scriptable. It's a programming-ish language that is tailored to do lots of flexible web scanning. Very stealthy. I've implemented anti-IDS checks into the scan. Includes over 200 checks. Lots of options. Reads in nmap output, files full of domains, or single host. Virtual host support. Proxy support. Can be used as a CGI.
173635b21dce7df421528d14e826b70fae03b6130717bd2979423c603175488a
NetProwler 3.0, a network based intrusion detection system, has a remote denial of service vulnerability. The software crashes when two fragmented IP packets are sent to an IP address that it is profiling. Netprowler must be profiling ftp in order for the exploit to work. Please note that Netprowler logs all incoming alerts to a Microsoft .mdb file. Please read RFP2K04.txt for more information.
01dfbeff982172b700a96a3ad3afd0f8babfbb62d8508a80fe57958e3f4d2e87
RFP2K04 - Mining BlackICE with RFPickAxe. BlackICE IDS uses a management console called ICECap to collect and monitor alerts sent by the various installed BlackICE agents. The ICECap user console sits on port 8081 and has the default login of 'iceman' with no password. The second problem is that the software uses, by default, the Microsoft Jet 3.5 engine to store alerts. If you couple that with the shell VBA problem, that means you can push alerts that contain commands to be executed on the ICECap system. Includes RFPickaxe.pl demo exploit.
eb477a77f630953d91b35937b63fd59b9bc492d8898abfeed95794044c8189f8
Through a netbios session request packet with a NULL source name, Windows 9[5,8] show a number of odd responses. Everything from lockups, reboots and "the blue screen of death", to total loss of network connectivity. Source code included. Reverse engineered from a binary exploit already in use.
f3538a492ff6e70e86c22b289cde727edd32fe6a78aeb81e4c21dbecb58b573c
RFP2K03 - Contemplations on dvwssr.dll and how it affects life. Lots of information here. Also includes a fixed version of the perl exploit.
35d74c40a89b7e8cc70b2ff471f069a45fac739fddcdc7582bf99957b60ddc84
RFP2K02 - "Netscape engineers are weenies!" AKA a back door in Microsoft FrontPage extensions/authoring components. Anyone with web authoring permission can use a backdoor in dvwssr.dll to read .asp (and .asa) files under the web root. As Microsoft has told me, the immediate problem is more so the fact that any developer of one particular virtual site can download the .asp code of other virtual sites on the same system. Includes dvwssr.pl, a perl based exploit.
0936015396bd313d2672ec14ba8f974c4fc1c50db12450334d9108faf511c37f
Exploit information for the "Virtualized UNC Share" problem talked about in MS00-019 which yields the source of .asp files.
95fa2946c47ff7913a1492a8b887bb7d64476444f8a22f608baa88cefaf77142
"How I hacked PacketStorm Forums" - A look at hacking wwwthreads via SQL. This is more of a technical paper than an advisory, but it does explain how I used a vulnerability in the wwwthreads package to gain administrative access and some 800 passwords to PacketStorm's discussion forum.
29b3228561304410fb2ef71030ea7e75376cc046c8543397a51327868ce6872e
Exploit for the new NT remote DoS and possible compromise. NT 4.0 server and workstation are vulnerable, even with SP level 1, 3, 5, or 6.
2b98566441d44ba149fafd2b74a9bf4293af462f1fe5b8657c87530b1278ec22
Source for RFPoison, a NT remote DoS. NT 4.0 server and workstation are vulnerable, even with SP level 1, 3, 5, or 6.
97b128e117f9dab3ea840c5462d01811717f598125ea7c7d49bde330c80268b9
Packet Storm Contest Entry - Purgatory 101: Learning to cope with the SYNs of the Internet.
acbfe437758ef4ccfb79fde7993aac9a5d2d865fa6ba4948cd195b2923ef09cf
A look at whisker's anti-IDS tactics. Anti-Intrusion Detection System (IDS) tactics were one of the original key features of my whisker web scanner. The goal of any anti-IDS tactic is to mutate a request so much that the ID systems will get confused, but the web server will still be able to understand it, hence the subtitle "just how bad can we ruin a good thing?".
f9e654a0fc127dcf27a1beb7e8a32d1157b5138bca0b71216771555c32113361
More information on the vulnerability described in ms99-061, a problem in IIS that causes it to parse invalid escape sequences, allowing a carefully made string to bypass IDS systems, ISAPI filters, and extension handlers. Includes a perl script to test for vulnerability.
ef40568ad6b25c2ee06d8471ee964346dcb723886938cecd3b91cb78e396a9a0
whisker is what I've dubbed a 'next generation' CGI scanner. It is Scriptable. It's a programming-ish language that is tailored to do lots of flexible web scanning. Very stealthy. I've implemented anti-IDS checks into the scan. Includes over 200 checks. Lots of options. Reads in nmap output, files full of domains, or single host. Virtual host support. Proxy support.
aa01b002879dbb047ab54823efeedd8d3e423630310048e3b7a238055f3e9ab6