IIS Admins Beware - Get your systems patched
Page 1 of 3 123 LastLast
Results 1 to 10 of 26

Thread: IIS Admins Beware - Get your systems patched

  1. #1
    AO Decepticon CXGJarrod's Avatar
    Join Date
    Jul 2002
    Posts
    2,038

    IIS Admins Beware - Get your systems patched

    There is a new exploit scanner called MehIIS (changed the name so it cannot be Google'd) which does the following:

    This file allows you to scan any Windows 2000 Server (IIS 4.0/5.0) to see if the server is vulnerable or not and will show you the Exploits Link. All you have to do is to copy and paste the Exploit in to your browsers address-bar and your in. Demo supports 28 out of 255 well known exploit for win2k & NT.

    WoOt to the script K!dD!3s...

    I am not posting a URL for obvious reasons. If you want more info PM me.
    N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)

  2. #2
    Senior Member
    Join Date
    Mar 2003
    Posts
    217
    will normal windows update patches suffice, or is there a special patch (i'm pretty sure i've already taken care of this... but i wanna be certain)
    i\'m starting to think that i\'m bound to always be the first guy on the second page of the thread.

  3. #3
    AO Decepticon CXGJarrod's Avatar
    Join Date
    Jul 2002
    Posts
    2,038
    SickYourIT: Well you only have to worry about this tool if you have an IIS server. I am not sure yet on what expliots it uses.
    N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)

  4. #4
    Senior Member
    Join Date
    Mar 2003
    Posts
    217
    well, for those who do use IIS. I think that the patch came out the day Bush came on TV and gave Iraq 48 hours. Not sure, though
    i\'m starting to think that i\'m bound to always be the first guy on the second page of the thread.

  5. #5
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    CXG: Well..... I dunno if it's me or what but it seems to do nothing whatsoever. (I have a theory but I'll expand on my lack of knowledge in a sec.)

    I scanned it in the zip and scanned it after unpacking, (I mentioned belt and suspenders right, <LOL>). I executed it by double clicking in explorer on a machine that has a HIDS on it and was being watched by Ethereal. Got the old DOS window flash up.... ok, it's not GUI. Nothing from HIDS, nothing from Ethereal.

    I opened a DOS window and executed it with -h, /? and help switches..... nothing. Nothing from HIDS, nothing from Ethereal. It doesn't come with a lot of docs....<s>

    Executed it with a fake web page address. Nothing. Nothing from HIDS but I got an absolutely standard DNS request to my default DNS server for the fake address. So something in there works.....<s>

    Ok.... Now I'm fed up so I unpack it in a hex editor and this is where my lack of knowledge comes in. It's very first line says "This program cannot be run in DOS mode" just like the old proggies used to say "This program cannot be run under Windows" all those years ago. Is that normal for something that only seems to do anything in DOS. This is a newish file by the way 'cos it claims to have been last modified a few days ago.

    Further down in the dump there are references to some windows APIs and then finally one for Perl...... I never played with perl but I think I need some kind of proggie here for my system to be able to run Perl stuff..... Or am I wrong and this thing simply doesn't like me?????
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  6. #6
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Originally posted here by Tiger Shark
    CXG: Well..... I dunno if it's me or what but it seems to do nothing whatsoever. (I have a theory but I'll expand on my lack of knowledge in a sec.)

    I scanned it in the zip and scanned it after unpacking, (I mentioned belt and suspenders right, <LOL>). I executed it by double clicking in explorer on a machine that has a HIDS on it and was being watched by Ethereal. Got the old DOS window flash up.... ok, it's not GUI. Nothing from HIDS, nothing from Ethereal.

    I opened a DOS window and executed it with -h, /? and help switches..... nothing. Nothing from HIDS, nothing from Ethereal. It doesn't come with a lot of docs....<s>

    Executed it with a fake web page address. Nothing. Nothing from HIDS but I got an absolutely standard DNS request to my default DNS server for the fake address. So something in there works.....<s>

    Ok.... Now I'm fed up so I unpack it in a hex editor and this is where my lack of knowledge comes in. It's very first line says "This program cannot be run in DOS mode" just like the old proggies used to say "This program cannot be run under Windows" all those years ago. Is that normal for something that only seems to do anything in DOS. This is a newish file by the way 'cos it claims to have been last modified a few days ago.

    Further down in the dump there are references to some windows APIs and then finally one for Perl...... I never played with perl but I think I need some kind of proggie here for my system to be able to run Perl stuff..... Or am I wrong and this thing simply doesn't like me?????
    I too gave it a try with pretty much the same results. Really gave me nothing other than:
    << SERVER MS-IIS NADARAD >>
    Now I am not sure what I am suppose to gain from that.

    Cheers:
    DjM

  7. #7
    Junior Member
    Join Date
    Mar 2003
    Posts
    20
    I actually use this type of app. to secure my ISS servers that I adminstrate. Nothing wrong with the application, only wrong is to what use you will put it too. The one I have checks for about 20,000 vulernabilities and is called N Stealh .

    Here is a vulenerability scanner review.
    http://archive.devx.com/security/art...I/MS0102-3.asp

  8. #8
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    DJM: I reran it against a real web site, (one of my own), and got the following reply:

    www.mydomain.com: Asib Pazir Nist

    Do we have any speakers of Arabic out there that can make a bit of sense out of this for us non-arabic types?
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  9. #9
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Originally posted here by Tiger Shark
    Do we have any speakers of Arabic out there that can make a bit of sense out of this for us non-arabic types?
    Tiger: I found an online Arabic translator HERE but those words don't translate. Are we even sure they are words?


    Cheers:
    DjM

  10. #10
    AO Decepticon CXGJarrod's Avatar
    Join Date
    Jul 2002
    Posts
    2,038
    hmmm... I did (in DOS) tool.exe ip Address and it came up with a little text.
    N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •