[WEB SECURITY] Tools or software for hacking windows/iis.

Sels, Roger roger.sels at gov-fbi.net
Thu Dec 21 01:58:34 EST 2006


Albert,

Since you mention not being a technical-savvy user, this link might come
in handy when trying to figure out how to exploit your target using
metasploit:
http://www.radarhack.com/dir/papers/MetaSploit_for_dummiesl.pdf

Roger

On Thu, December 21, 2006 7:39 pm, Will Jefferies wrote:
> The metasploit framework can help.
>
> Will
>
> -----Original Message-----
> From: Schmidt, Albert E [mailto:AES at ola.state.md.us]
> Sent: Thursday, December 21, 2006 11:30 AM
> To: Web Security
> Subject: [WEB SECURITY] Tools or software for hacking windows/iis.
>
> Hello group, I am auditing a Windows 2000 web server that has not been
> patched for 2 years.  I am looking for tools that could be used to
> exploit know vulnerabilities - I do not want to damage the server, but
> would like to demonstrate the security weakness for my work papers.  I
> have heard that there are tools such as iishack.exe that may be able to
> help.  I would like an easy tool, as I am not that technical.  I have a
> basic understanding of web application security.
>
> Thank you,
>
> Albert E. Schmidt, CPA
> Senior Information System Auditor
> Office of Legislative Audits
> Department of General Services
> Maryland General Assembly
>
> ------------------------------------------------------------------------
> ----
> The Web Security Mailing List:
> http://www.webappsec.org/lists/websecurity/
>
> The Web Security Mailing List Archives:
> http://www.webappsec.org/lists/websecurity/archive/
> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
> Confidentiality Notice: This message is for the sole use of the intended
> recipient(s).
> It may contain confidential or proprietary information and may be subject
> to the
> attorney-client privilege or other confidentiality protections. If this
> message was
> misdirected, neither FNC Holding Company, Inc. nor any of its subsidiaries
> waive any
> confidentiality, privilege, or trade secrets. If you are not a designated
> recipient,
> you may not review, print, copy, retransmit, disseminate, or otherwise use
> this message.
> If you have received this message in error, please notify the sender by
> reply e-mail
> and delete this message.
>
> ----------------------------------------------------------------------------
> The Web Security Mailing List:
> http://www.webappsec.org/lists/websecurity/
>
> The Web Security Mailing List Archives:
> http://www.webappsec.org/lists/websecurity/archive/
> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
>
>


-- 
Life is 10 percent what you make it and 90 percent how you take it. -
Irving Berlin


----------------------------------------------------------------------------
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]



More information about the websecurity mailing list