[WEB SECURITY] Tools or software for hacking windows/iis.

Will Jefferies wjefferies at fncinc.com
Thu Dec 21 13:39:20 EST 2006


The metasploit framework can help.

Will

-----Original Message-----
From: Schmidt, Albert E [mailto:AES at ola.state.md.us] 
Sent: Thursday, December 21, 2006 11:30 AM
To: Web Security
Subject: [WEB SECURITY] Tools or software for hacking windows/iis.

Hello group, I am auditing a Windows 2000 web server that has not been
patched for 2 years.  I am looking for tools that could be used to
exploit know vulnerabilities - I do not want to damage the server, but
would like to demonstrate the security weakness for my work papers.  I
have heard that there are tools such as iishack.exe that may be able to
help.  I would like an easy tool, as I am not that technical.  I have a
basic understanding of web application security.
 
Thank you,
 
Albert E. Schmidt, CPA
Senior Information System Auditor
Office of Legislative Audits
Department of General Services
Maryland General Assembly

------------------------------------------------------------------------
----
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
Confidentiality Notice: This message is for the sole use of the intended recipient(s).
It may contain confidential or proprietary information and may be subject to the
attorney-client privilege or other confidentiality protections. If this message was
misdirected, neither FNC Holding Company, Inc. nor any of its subsidiaries waive any
confidentiality, privilege, or trade secrets. If you are not a designated recipient,
you may not review, print, copy, retransmit, disseminate, or otherwise use this message. 
If you have received this message in error, please notify the sender by reply e-mail 
and delete this message.

----------------------------------------------------------------------------
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]



More information about the websecurity mailing list