Re: Requisites for a very unsafe IIS5!
From: Jason Brown [MSFT] (i-brjaso_at_online.microsoft.com)
Date: Wed, 9 Mar 2005 12:04:32 +1100
Unless of course that's the point of the presentation - ongoing improvement,
the importance of patching your boxes, keeping naked installs offline,
slipstreaming patches into fresh installs to mitigate the danger from new
otherwise agreed. I'd also be looking at vulnerabilities in the
application layer such as SQL injection, Session hijacking, cross-site
scripting, packet sniffing and so on - they're more common than unpatched
IIS boxes by far, and easier to demo exploits on.
--
Jason Brown
Microsoft GTSC, IIS
This posting is provided "AS IS" with no warranties, and confers no rights.

"Miha Pihler [MVP]" <firstname.lastname@example.org> wrote in message
news:ewoPPHAJFHA.email@example.com...
> Hi John,
>
> If you really want to teach users something, then have a fully patched up
> computer; then show them vulnerabilities...
>
> I don't see much point in showing off 4 or more years old holes that were
> patched up long time ago.
>
> --
> Mike
> Microsoft MVP - Windows Security
>
> "John Leerentveld" <firstname.lastname@example.org> wrote in message
> news:email@example.com...
>> Hi,
>> for an ethical hacking training I need to have an IIS configuration that's
>> very unsecure, so I can test
>> and show the vulnerability.
>> What should I do? Install Windows 2000 out-of-the-box without any
>> SP's/patches?
>>
>> John