Re: IIS5 Null.Printer vulnerability exploitation tool



Hi Vedantam Sekhar,

The PoC tool for IIS5 Null.Printer Buffer Overflow vulnerability can
be downloaded from URL.
URL: http://www.packetstormsecurity.org/0111-exploits/IIS5-Koei.zip

Hope this helps!!

---
Nikhil Wagholikar
Practice Lead | Security Assessment & Digital Forensics
Network Intelligence India Pvt. Ltd. [NII Consulting]
Web: http://www.niiconsulting.com/
Comprehensive Information Security Training
http://www.niiconsulting.com/services/education/Training%20Calendar.html


2009/6/12 Vedantam sekhar <sekhar56us@xxxxxxxxx>

Group,

It will be helpfull if anyone guide me how to test for this particular vulnerability. I did confirm this vuln. exists in the website i am testing presently but i need show my customer remote system compromise is possible (showing him the cmd/# on the target ultimately).

The code given on the securityfocus only tells me if the site has the vulnerability or not

Btw will it work againest II5 on windows 2000 later than SP2 as well?

S





------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------



Relevant Pages

  • Re: How to write a security vulnerability assessment consulting project
    ... Practice Lead | Security Assessments & Digital Forensics ... Comprehensive Information Security Training ... Our security team is working in a security vulnerability assessment ... Information Assurance Certification Review Board ...
    (Pen-Test)
  • Re: How to write a security vulnerability assessment consulting project
    ... Practice Lead | Security Assessments & Digital Forensics ... Comprehensive Information Security Training ... Our security team is working in a security vulnerability assessment ... Information Assurance Certification Review Board ...
    (Pen-Test)
  • Re: To go to University - For the CISSP etc. - Good idea/Bad idea???
    ... If there was no change then the security industry would be dead as the ... technology evolves so quickly that "new" technology is ... Information Assurance Certification ... Prove to peers and potential employers without a doubt that you can ...
    (Pen-Test)
  • Re: University plan
    ... Core Security Technologies ... Find a good 4 year undergraduate school, ... a full practical examination in order to become certified. ... Information Assurance Certification Review Board ...
    (Pen-Test)
  • Re: To go to University - For the CISSP etc. - Good idea/Bad idea???
    ... holder globally and the most highly accredited Global Information Security ... Although technology moves on, many of the underlying foundations do not. ... Information Assurance Certification ... Prove to peers and potential employers without a doubt that you can ...
    (Pen-Test)