[prev in list] [next in list] [prev in thread] [next in thread] 

List:       sectools
Subject:    Tools Released at CanSecWest 2001
From:       Elias Levy <aleph1 () SECURITYFOCUS ! COM>
Date:       2001-04-17 21:16:18
[Download RAW message or body]

From: H D Moore <hdm@SECUREAUSTIN.COM>
Subject:      [PEN-TEST] Tools Released at CanSecWest 2001
Date:         Sun, 1 Apr 2001 15:48:01 -0500
Message-ID:  <01040115480101.15046@odin>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

My slides and tools for  the CanSecWest 2001 conference (core01) are now
available from my web site:  http://www.digitaloffense.net/

The presentation was titled "Making NT Bleed", it covered a few of the
methods that can be used to gain access to IIS and MS-SQL, as well as some
new stuff like SQL over RDS. For those of you that missed the conference this
year, I strongly suggest that you attend next year if you depend on
assessments and penetration testing for business.  I have never been to a
conference before where almost every single presentation provided something
that I can turn around and use on a daily basis.  A brief synopsis of the
tools:

1. unicoder.pl - a fairly refined unicode directory transversal exploit which
includes SSL and proxy support.

2. sslrds.pl - a tool for exploiting SQL servers behind a firewall by
proxying the request through an IIS server's RDS component.

3. sqlsmack.pl - a command line MS-SQL client, default behavior is execution
of commands through xp_cmdshell.


- -HD



-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQA/AwUBOseUATwRvqMPEDLhEQJvoACgzGNlj9JOUlXhWLxmy58hVNZNWAAAoJJA
3gCMjKK/e63e7Aw+rgRjNZku
=3DuX
-----END PGP SIGNATURE-----

[prev in list] [next in list] [prev in thread] [next in thread]