May 29th, 2002, 05:10 PM
.ASP Buffer Overflow exploits
For my GIAC certification (GCIH) I am researching the .ASP Buffer Overflow vulnerability discovered by eeye.com in April 2002 but am having a hard time trying to exploit it.
I have setup a test (controlled) environment with a Windows 2000 server - unpatched. For the sake of the research paper I have to exploit the server using this vulnerability and capture various traffic etc. Also, I will have to write-up defenses for it.
I would appreciate any help you could provide, especially in figuring out how to exploit this vulnerability?
I have looked at and tried to use Hsj's exploit (iis-asp-overflow.c) from packetstorm but have not had any luck with that either.
May 29th, 2002, 08:46 PM
well a lot of exploits only work on things that aren't put up right. Like for example, enabling file sharing allows for netbios attacks. play around with things, learn in detail how things work. Use logic yet use creativity! Though that doesn't really solve your problem, there are my 2cents. Good Luck!