lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Mon Sep 26 22:17:39 2005
From: perrymonj at networkarmor.com (Josh Perrymon)
Subject: CORE-Impact license bypass

I just think that too many consultants are relying on automated tools to
do their job.  Don't get me wrong...  I use them on every project-

Nmap
Nessus
AMAP
MetaSploit
HPING2
VomiT
Acunetix
Etc.................

For me I use the tools to help spot a vulnerable system then exploit the
system using Metasploit or with a known safe exploit I have collected.

I just don't know if I could pay 15k to have access to exploits.

-----Original Message-----
From: Marc Maiffret [mailto:mmaiffret@...e.com] 
Sent: Monday, September 26, 2005 4:50 PM
To: Exibar; c0ntex; Josh Perrymon; full-disclosure@...ts.grok.org.uk
Subject: RE: [Full-disclosure] CORE-Impact license bypass
Importance: Low

<snip>
>   As far as automated tools go, bah, manually exploiting the 
> holes is certainly the way to go.  But, the automated tools 
> usually produce nice pretty reports that you can show the 
> client.  They just LOOOOOVVVVVEEEEEE pretty reports with many 
> bright colors and such for the good stuff and dark "hacker 
> like" colors for the bad stuff :-)
> 
>   Exibar

Why is manually exploiting holes the way to go? More so what do you mean
by manually? Writing the exploit yourself? (Few consultants can do that,
and even fewer can do that good). So maybe manually means downloading
hax0rw4ng495's exploit off bugtraq and using that? Or?

So I am curious what was the last SMB/RPC exploit that you saw that took
advantage of SMB/RPC fragmentation for stealth purposes of evading
IDS/IPS systems? I cant think of any that have done that but I can think
of an automated exploit system (Canvas) that does just that.

Or when was the last time you saw a good RPC remote exploit that was
able to take advantage of all known attack vectors?
139,445,dynamicport,rpc over http, bla bla bla. But again both of the
automated attack systems (canvas/core) do just that.

I'm playing devils advocate so its not that I completely disagree but I
think for the average consultant (99% of consultants) using an automated
solution like Core/Canvas is going to do far more for them.

Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Blink - End-Point Vulnerability Prevention
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities 

Important Notice: This email is confidential, may be legally privileged,
and is for the intended recipient only. Access, disclosure, copying,
distribution, or reliance on any of it by anyone else is prohibited and
may be a criminal offense.  Please delete if obtained in error and email
confirmation to the sender.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ