By Justin Peltier, Chief Technology Officer, Peltier Associates
How tough is it to really compromise a system? In a previous column we answered that question with a tutorial using MetaSploit™ to penetrate a common vulnerability, RPC-DCOM. This month we will look to perform another common vulnerability penetration using the Core Impact utility. In future columns we will look at other common penetration testing utilities and conclude the series with a Shoot Out Review of each framework in a head-to-head test. NOTE: While not a free utility like MetaSploit™, demo versions of the product are available from the manufacturer.
The mission of this tutorial is to compromise a Microsoft IIS web server with the SSL PCT handshake vulnerability (also known as THCIISLAME) in order to run a SYSTEM level shell. So, let's get to work.
Source: The Ethical Hacker Network