[prev in list] [next in list] [prev in thread] [next in thread]
List: sectools
Subject: Tools Released at CanSecWest 2001
From: Elias Levy <aleph1 () SECURITYFOCUS ! COM>
Date: 2001-04-17 21:16:18
[Download RAW message or body]
From: H D Moore <hdm@SECUREAUSTIN.COM>
Subject: [PEN-TEST] Tools Released at CanSecWest 2001
Date: Sun, 1 Apr 2001 15:48:01 -0500
Message-ID: <01040115480101.15046@odin>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
My slides and tools for the CanSecWest 2001 conference (core01) are now
available from my web site: http://www.digitaloffense.net/
The presentation was titled "Making NT Bleed", it covered a few of the
methods that can be used to gain access to IIS and MS-SQL, as well as some
new stuff like SQL over RDS. For those of you that missed the conference this
year, I strongly suggest that you attend next year if you depend on
assessments and penetration testing for business. I have never been to a
conference before where almost every single presentation provided something
that I can turn around and use on a daily basis. A brief synopsis of the
tools:
1. unicoder.pl - a fairly refined unicode directory transversal exploit which
includes SSL and proxy support.
2. sslrds.pl - a tool for exploiting SQL servers behind a firewall by
proxying the request through an IIS server's RDS component.
3. sqlsmack.pl - a command line MS-SQL client, default behavior is execution
of commands through xp_cmdshell.
- -HD
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
iQA/AwUBOseUATwRvqMPEDLhEQJvoACgzGNlj9JOUlXhWLxmy58hVNZNWAAAoJJA
3gCMjKK/e63e7Aw+rgRjNZku
=3DuX
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic