Dear Trajce,
My suggestion is ...
Download some old softwares with bugs.
https://www.securinfos.info/old_softwares_vulnerable.php
then use metasploit to exploit it.
Also there is a nice intro tutorial here showing how to write a
exploit with metasploit framework.
http://en.wikibooks.org/wiki/Metasploit/WritingWindowsExploit
All the best,
Andre Amorim
GnuPG KEY: 2048R/3E10FF47
Download:
http://pgp.zdv.uni-mainz.de:11371/pks/lookup?op=get&search=0x7C3B77763E1
0FF47
2008/8/18 <dimkovtrajce (at) yahoo (dot) com [email concealed]>:
> Hi,
>
> Our goal is to teach master students in computer security in pen testing remote servers.
>
> As an exercise we want to introduce a vulnerability in IIS or Apache (or any other place you might suggest)which is recognizable with current vulnerability scanners(ex.nessus), but requires some coding/payload generation to exploit the vulnerability.
>
> I am considering bugtracq, but there are many vulnerabilities there which i can not filter with the requirements above.
>
> Can you point me to any "good" vulnerability for this purpose?
>
>
>
> Regards,
> Trajce
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Top 5 Common Mistakes in
> Securing Web Applications
> Get 45 Min Video and PPT Slides
>
> www.cenzic.com/landing/securityfocus/hackinar
> ------------------------------------------------------------------------
My suggestion is ...
Download some old softwares with bugs.
https://www.securinfos.info/old_softwares_vulnerable.php
then use metasploit to exploit it.
Also there is a nice intro tutorial here showing how to write a
exploit with metasploit framework.
http://en.wikibooks.org/wiki/Metasploit/WritingWindowsExploit
All the best,
Andre Amorim
GnuPG KEY: 2048R/3E10FF47
Download:
http://pgp.zdv.uni-mainz.de:11371/pks/lookup?op=get&search=0x7C3B77763E1
0FF47
2008/8/18 <dimkovtrajce (at) yahoo (dot) com [email concealed]>:
> Hi,
>
> Our goal is to teach master students in computer security in pen testing remote servers.
>
> As an exercise we want to introduce a vulnerability in IIS or Apache (or any other place you might suggest)which is recognizable with current vulnerability scanners(ex.nessus), but requires some coding/payload generation to exploit the vulnerability.
>
> I am considering bugtracq, but there are many vulnerabilities there which i can not filter with the requirements above.
>
> Can you point me to any "good" vulnerability for this purpose?
>
>
>
> Regards,
> Trajce
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Top 5 Common Mistakes in
> Securing Web Applications
> Get 45 Min Video and PPT Slides
>
> www.cenzic.com/landing/securityfocus/hackinar
> ------------------------------------------------------------------------
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides
www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
[ reply ]