Re: iXsecurity.tool.briiis.3.02

From: Nicolas Gregoire (nicolas.gregoireat_private)
Date: Wed Jun 13 2001 - 09:49:25 PDT


    ian.vitekat_private wrote :
    
    > Briiis is a tool for testing web servers for "/" encoding
    > break out from web root vulnerability from an executable
    > directory.
    
    Your tool doesn't find all vulnerable hosts.
    The "exploit string" (i.e. $explstr in the program) doesn't contain (in
    some cases) enough "../" and can't be used to access up to c:\
     
    Here are the modifications I did to your toy :
    OLD LINE :
    $explstr="/..$opt_F..$opt_F..$opt_F..$opt_F..${opt_F}winnt/system32/cmd.exe?/c+$opt_c"
    if ($opt_c);
    NEW LINE :
    $explstr="/..$opt_F..$opt_F..$opt_F..$opt_F..$opt_F..$opt_F..$opt_F..$opt_F../winnt/system32/cmd.exe?/c+$opt_c"
    if ($opt_c);
    
    Thanks for the list of directories, I was looking for a good one.
    
    NB : last time I checked it, the unicoder.pl tool from HD Moore couldn't
    find non-English vulnerable versions of IIS (it is looking for
    "Directory of" in the returned content and it's, for example,
    "Répertoire de" in French).
    
    Please excuse my poor English.
    Nicob
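
Added example, not part of the original message or of either tool: a log check that counts traversal depth instead of matching one fixed string, since the message shows the number of "../" steps varies between probes. The log format, the "/exec-dir/" and "CMD" placeholders and the sample encodings are constructed assumptions.

```python
import re

# One traversal step: ".." followed by a literal separator or by any run of
# percent-encoded bytes (an encoded separator, whatever the encoding is).
STEP = re.compile(r"\.\.(?:[/\\]|(?:%[0-9A-Fa-f]{2})+)")

# Constructed sample log: client, method, URI, status. Not from the message.
# "/exec-dir/" and "CMD" are placeholders; the encodings are sample values.
SAMPLE_LOG = """\
192.0.2.10 GET /exec-dir/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwinnt/system32/cmd.exe?/c+CMD 404
192.0.2.10 GET /exec-dir/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+CMD 200
192.0.2.11 GET /exec-dir/..%255c..%255cwinnt/system32/cmd.exe?/c+CMD 200
198.51.100.7 GET /docs/../images/logo.gif 200
198.51.100.7 GET /index.html 200
"""


def traversal_depth(path):
    """Count '..' steps after undoing nested %25 (double) encoding."""
    for _ in range(3):  # bounded so hostile input cannot keep us looping
        if "%25" not in path:
            break
        path = path.replace("%25", "%")
    return len(STEP.findall(path))


def detect(log_text):
    """Return (client, depth, status) for traversal requests ending at cmd.exe."""
    alerts = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not fit the assumed format
        client, _method, uri, status = fields
        path = uri.split("?", 1)[0]  # the command sits in the query string
        depth = traversal_depth(path)
        if depth and path.lower().endswith("cmd.exe"):
            alerts.append((client, depth, int(status)))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The 404 followed by a 200 from the same client at a greater depth is the pattern the message describes: the shorter string did not reach the drive root, the longer one did.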
    


