[WEB SECURITY] Tools or software for hacking windows/iis.

TUSHAR VARTAK /ISG/INFOTECH/BKC TUSHAR.VARTAK at 3i-infotech.com
Thu Dec 21 22:05:05 EST 2006


You might want to try metaexploit framework for this.
Securityfocus.com does provide exploit details for some
vulnerabilities.
http://www.securityfocus.com/vulnerabilities

Cheers, 
Tushar Vartak


-----Original Message-----
From: Schmidt, Albert E [mailto:AES at ola.state.md.us] 
Sent: Thursday, December 21, 2006 11:00 PM
To: Web Security
Subject: [WEB SECURITY] Tools or software for hacking
windows/iis.

Hello group, I am auditing a Windows 2000 web server that
has not been patched for 2 years.  I am looking for tools
that could be used to exploit know vulnerabilities - I do
not want to damage the server, but would like to demonstrate
the security weakness for my work papers.  I have heard that
there are tools such as iishack.exe that may be able to
help.  I would like an easy tool, as I am not that
technical.  I have a basic understanding of web application
security.
 
Thank you,
 
Albert E. Schmidt, CPA
Senior Information System Auditor
Office of Legislative Audits
Department of General Services
Maryland General Assembly

------------------------------------------------------------
----------------
The Web Security Mailing List:
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]





-- 


"This e-mail message may contain confidential, proprietary or legally privileged information. It 
should not be used by anyone who is not the original intended recipient. If you have erroneously 
received this message, please delete it immediately and notify the sender. The recipient 
acknowledges that ICICI Bank or its subsidiaries and associated companies,  (collectively "ICICI 
Group"), are unable to exercise control or ensure or guarantee the integrity of/over the contents of the information contained in e-mail transmissions and further acknowledges that any views 
expressed in this message are those of the individual sender and no binding nature of the message shall be implied or assumed unless the sender does so expressly with due authority of ICICI Group.Before opening any attachments please check them for viruses and defects." 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20061222/edd9c969/attachment.html>


More information about the websecurity mailing list