RE: Exploitable vulnerabilities in Microsoft IIS/7.0



Start here https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
Other parts in the series https://www.corelan.be/index.php/category/security/exploit-writing-tutorials/
https://www.corelan.be/index.php/articles/




: -----Original Message-----
: From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
: On Behalf Of Nikhil Varghese
: Sent: donderdag 7 juni 2012 18:59
: To: security-basics@xxxxxxxxxxxxxxxxx
: Subject: Re: Exploitable vulnerabilities in Microsoft IIS/7.0
:
: I think exploit development in windows is too difficult. I really don't know
: where to start. The only experience I have is in using metasploit.
:
: Which is the best resource I can get to develop windows exploits?
:
:
: On Wed, Jun 6, 2012 at 11:37 PM, Nikhil Varghese <nkvp.93@xxxxxxxxx>
: wrote:
: > I found two more vulnerabilities, but i still don't have any way of
: > testing them on my system.
: >
: > http://www.securitytracker.com/id/1024079
: > http://www.securitytracker.com/id/1024440
: >
: > I tried to develop my own exploit but the information is too vague. It
: > would be useful if anyone has an exploit or can help me out in anyway
: > possible.
: >
: >
: >
: > On Wed, Jun 6, 2012 at 11:13 PM, Nikhil Varghese <nkvp.93@xxxxxxxxx>
: wrote:
: >> Are there any vulnerabilities in Microsoft IIS/7.0 that are
: >> exploitable? I found one:
: >> http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0074.
: >> However, i could not find any metasploit exploit for the vulnerability..
: >>
: >> How can I test if my IIS server is vulnerable since i run Microsoft
: >> IIS/7.0 in my system? Has anyone written an exploit/detailed
: >> explanation for this yet?
:
: ------------------------------------------------------------------------
: Securing Apache Web Server with thawte Digital Certificate In this guide we
: examine the importance of Apache-SSL and who needs an SSL certificate. We
: look at how SSL works, how it benefits your company and how your customers
: can tell if a site is secure. You will find out how to test, purchase, install and
: use a thawte Digital Certificate on your Apache web server. Throughout, best
: practices for set-up are highlighted to help you ensure efficient ongoing
: management of your encryption keys and digital certificates.
:
: http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be4
: 42f727d1
: ------------------------------------------------------------------------


This transmission is intended only for use by the intended recipient(s). If you are not an intended recipient you should not read, disclose, copy, circulate or in any other way use the information contained in this transmission. The information contained in this transmission may be confidential and/or privileged. If you have received this transmission in error, please notify the sender immediately and delete this transmission including any attachments.
This transmission is submitted without prejudice and inadmissible in evidence.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------



Relevant Pages