<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:st1="urn:schemas-microsoft-com:office:smarttags" xmlns="http://www.w3.org/TR/REC-html40">

<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]--><o:SmartTagType
 namespaceuri="urn:schemas-microsoft-com:office:smarttags" name="Street"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
 name="address"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
 name="place"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
 name="country-region"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
 name="PersonName"/>
<!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--
 /* Font Definitions */
 @font-face
        {font-family:Wingdings;
        panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman";}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {color:purple;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal;
        font-family:Arial;
        color:windowtext;}
span.EmailStyle18
        {mso-style-type:personal;
        font-family:Arial;
        color:navy;}
span.EmailStyle19
        {mso-style-type:personal;
        font-family:Arial;
        color:navy;}
span.EmailStyle22
        {mso-style-type:personal-reply;
        font-family:Arial;
        color:navy;}
@page Section1
        {size:8.5in 11.0in;
        margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
        {page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
 <o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
 <o:shapelayout v:ext="edit">
  <o:idmap v:ext="edit" data="1" />
 </o:shapelayout></xml><![endif]-->
</head>

<body lang=EN-US link=blue vlink=purple>

<div class=Section1>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Hi Dhruv,<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Let me thank you all for such a
considerable support and help against my queries.<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Coming back to my point as you asked in
your last e-mail that how did I come to know that I am running out of the
exploits, I am to say that I run penetration tests mostly against web
applications and servers and I do have a massive collection of exploits/links
since long time so to run them against those poor company resources. I audit
for a US based company and it is a fact observed by me that in some companies,
you will find many basic vulnerabilities that even you can&#8217;t expect. For
example, there was a server I did audit a long time back and it was like
&nbsp;you imagine an attack and that can be possible in that server application
&#8211; No restrictions </span></font><font size=2 color=navy face=Wingdings><span
style='font-size:10.0pt;font-family:Wingdings;color:navy'>J</span></font><font
size=2 color=navy face=Arial><span style='font-size:10.0pt;font-family:Arial;
color:navy'> . A few companies have applications/networks that have all those
basic risks already removed before testing on the Level 1. I agree that it can
be because of the critical CIA rating. Even for such companies if I do tests
for their network(s) I find some of my exploits are obsolete. They will work
but with legacy networks. These exploits were perfect at some time but now it
seems they may or may not work.<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Also, I agree to the fact that only usage
of exploits can&#8217;t guarantee you that you have tested all the bits and
pieces of a network and against all the underlying vulnerabilities. One must
know the underlying technology and how it is implemented with the other
technologies. One can break in at any time if he effectively collects
information about the network and use correct things at right time &#8211;
right?. &#8220;Still&#8221; I am sure that exploits are very much indispensable
to use against a network to prepare a PoC. I disagree with your point that
utilities like Metasploit provide you with all major exploitations (I am not
sure about Core Impact). They do have some but not majority of them but
whatever this tool has, is appreciable. You see exploits are the most valuable
piece of code for a security researcher, so not readily available for the
script kiddies out there in the wild &#8211; so I don&#8217;t think zero days
are available even if you pay. <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>I will check the links sent by you, thanks
a lot for those links.<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Thank you all!<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Cheers.<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p>&nbsp;</o:p></span></font></p>

<div>

<div class=MsoNormal align=center style='text-align:center'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'>

<hr size=2 width="100%" align=center tabindex=-1>

</span></font></div>

<p class=MsoNormal><b><font size=2 face=Tahoma><span style='font-size:10.0pt;
font-family:Tahoma;font-weight:bold'>From:</span></font></b><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'> Soi, Dhruv
[mailto:dhruv.soi@owasp.org] <br>
<b><span style='font-weight:bold'>Sent:</span></b> Tuesday, July 01, 2008 4:06
AM<br>
<b><span style='font-weight:bold'>To:</span></b> Singh, Gunwant [OS-IE]; <st1:PersonName
w:st="on">Owasp-delhi@lists.owasp.org</st1:PersonName><br>
<b><span style='font-weight:bold'>Subject:</span></b> RE: [Owasp-delhi] Reg.
exploits.</span></font><o:p></o:p></p>

</div>

<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Greetings Gunwant,<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Good to see you back in action!! As you
have already got few good responses against your query, so I won&#8217;t
reiterate the known theory here. But I would certainly like to participate in
this thread. <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>How would you know that you are running
out of exploits? Do you see, there have been numerous vulnerabilities published
on the internet/non-disclosure channels or transferred via
IRC/contacts/pre-published advisories to your knowledge these days, at fast
pace than expected? If you rely on published vulnerabilities, and if
administrators have fixed those vulnerabilities by applying the patches then
you have no option but to wait for administrators to commit yet another mistake
(I am sure, they do care for security auditors/attackers to have some fun with
the company resources </span></font><font size=2 color=navy face=Wingdings><span
style='font-size:10.0pt;font-family:Wingdings;color:navy'>J</span></font><font
size=2 color=navy face=Arial><span style='font-size:10.0pt;font-family:Arial;
color:navy'> ). Even if not, you would still find numbers of servers on the
wild available, un-patched for MS03/04/05-00X vulnerability and tons of
IIS/Apache servers those are vulnerable to old time attacks. Don&#8217;t be
surprised if I say that during a recent pen-test assignment, we found MS02-018
vulnerability in a live web server for some reputed and well known company
(obviously, can&#8217;t disclose the name of client to avoid making you jump
out of your chair). Seems to be funny, ain&#8217;t it? But, welcome to <st1:place
w:st="on"><st1:country-region w:st="on">India</st1:country-region></st1:place>!!!
<st1:place w:st="on">Lot</st1:place> of effort is still required to make the
community know the risk of hosting vulnerable resources to wild wild web (www).
There are still lots of reputed websites those are running with information
disclosure vulnerability (no exploit needed, hah!), where the available
information is worth few bucks, if not million dollars!!! I don&#8217;t
run/promote any shop in a <st1:Street w:st="on"><st1:address w:st="on">Nehru
  Place</st1:address></st1:Street> though </span></font><font size=2
color=navy face=Wingdings><span style='font-size:10.0pt;font-family:Wingdings;
color:navy'>J</span></font><font size=2 color=navy face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:navy'><o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Network based attacks could vary due to
variety of architectures available today, so gathering good amount of standalone
exploits for every architecture would be a tough job and hence, we can rely on
known tools like metasploit/coreimpact those have almost all (If not all, then
many) variants of known exploit codes with options to inject shell codes of
your choice. Along with this, there are others web resources to standalone
exploits and those have already been mentioned in earlier replies to your
query, there could ofcourse be lot more those you could hit at. I used to
maintain a list of exploit links when I used to work as a security researcher,
but I have not used these links from ages (may be from past 4yrs) so am not
sure how many of those links still work, so excuse me if none of those work for
you. But anyhow, I have pasted those links next to my signatures. <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>For application based exploits, it is
already been said that cheat sheets + fuzzer works far better than relying on
collection of exploit codes. Refer to old HD Moore&#8217;s style of writing a
small fuzzer, where he could find more than 50 flaws in Internet Explorer </span></font><font
size=2 color=navy face=Wingdings><span style='font-size:10.0pt;font-family:
Wingdings;color:navy'>J</span></font><font size=2 color=navy face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:navy'> (I love Microsoft for
increasing employment for malware/security researchers/attackers.) Application
based attacks are mostly driven due to functional + technical faults, and can
mostly be observed by humans rather than automated exploit framework/tools.
Finding variants for application based attacks is far easier coz all
programmers can&#8217;t think alike and can&#8217;t think of delivering secure
code every time coz their companies teach them for delivering functional code,
both for clients and attackers </span></font><font size=2 color=navy
face=Wingdings><span style='font-size:10.0pt;font-family:Wingdings;color:navy'>J</span></font><font
size=2 color=navy face=Arial><span style='font-size:10.0pt;font-family:Arial;
color:navy'><o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Hope helps!<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Many Thanks,<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Dhruv<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>DISCLOSURE: All my views are personal and
have not been under any influence/gain/threat by any organization or individual
</span></font><font size=2 color=navy face=Wingdings><span style='font-size:
10.0pt;font-family:Wingdings;color:navy'>J</span></font><font size=2
color=navy face=Arial><span style='font-size:10.0pt;font-family:Arial;
color:navy'> <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Here we go with my old (old could be gold
or a trash for you, not sure) collection!<o:p></o:p></span></font></p>

<p class=MsoNormal><span class=smalltypeinactive><font size=3
face="Times New Roman"><span style='font-size:12.0pt'><a
href="http://nvd.nist.gov/">http://nvd.nist.gov/</a><o:p></o:p></span></font></span></p>

<p class=MsoNormal><span class=smalltypeinactive><font size=3
face="Times New Roman"><span style='font-size:12.0pt'><a
href="http://exploits-lab.info/index.php">http://exploits-lab.info/index.php</a><o:p></o:p></span></font></span></p>

<p class=MsoNormal><span class=smalltypeinactive><font size=3
face="Times New Roman"><span style='font-size:12.0pt'><a
href="http://www.securityforest.com/wiki/index.php/Category:ExploitTree">http://www.securityforest.com/wiki/index.php/Category:ExploitTree</a><o:p></o:p></span></font></span></p>

<p class=MsoNormal><span class=smalltypeinactive><font size=3
face="Times New Roman"><span style='font-size:12.0pt'><a
href="http://www.ussrback.com/archives/">http://www.ussrback.com/archives/</a><o:p></o:p></span></font></span></p>

<p class=MsoNormal><span class=smalltypeinactive><font size=3
face="Times New Roman"><span style='font-size:12.0pt'><a
href="http://www.securiteam.com/exploits/">http://www.securiteam.com/exploits/</a><o:p></o:p></span></font></span></p>

<p class=MsoNormal><span class=smalltypeinactive><font size=3
face="Times New Roman"><span style='font-size:12.0pt'><a
href="http://securitydot.net/exploits">http://securitydot.net/exploits</a><o:p></o:p></span></font></span></p>

<p class=MsoNormal><span class=smalltypeinactive><font size=3
face="Times New Roman"><span style='font-size:12.0pt'><a
href="http://www.governmentsecurity.org/exploits.php">http://www.governmentsecurity.org/exploits.php</a><o:p></o:p></span></font></span></p>

<p class=MsoNormal><span class=smalltypeinactive><font size=3
face="Times New Roman"><span style='font-size:12.0pt'><a
href="http://www.insecure.org/sploits_linux.html">http://www.insecure.org/sploits_linux.html</a><o:p></o:p></span></font></span></p>

<p class=MsoNormal><span class=smalltypeinactive><font size=3
face="Times New Roman"><span style='font-size:12.0pt'><a
href="http://www.neworder.box.sk/explmore.php">http://www.neworder.box.sk/explmore.php</a><o:p></o:p></span></font></span></p>

<p class=MsoNormal><span class=smalltypeinactive><font size=3
face="Times New Roman"><span style='font-size:12.0pt'><a
href="http://www.packetstormsecurity.org/0512-exploits/">http://www.packetstormsecurity.org/0512-exploits/</a><o:p></o:p></span></font></span></p>

<p class=MsoNormal><span class=smalltypeinactive><font size=3
face="Times New Roman"><span style='font-size:12.0pt'><a
href="http://www.cyenergy.info/">http://www.cyenergy.info</a><o:p></o:p></span></font></span></p>

<p class=MsoNormal><span class=smalltypeinactive><font size=3
face="Times New Roman"><span style='font-size:12.0pt'><a
href="http://www.k-otik.com/exploits/">http://www.k-otik.com/exploits/</a><o:p></o:p></span></font></span></p>

<p class=MsoNormal><span class=smalltypeinactive><font size=3
face="Times New Roman"><span style='font-size:12.0pt'><a
href="http://wulf.eu.org/exploits/">http://wulf.eu.org/exploits/</a><o:p></o:p></span></font></span></p>

<p class=MsoNormal><span class=smalltypeinactive><font size=3
face="Times New Roman"><span style='font-size:12.0pt'><a
href="http://www.wntrmute.com/security/">http://www.wntrmute.com/security/</a><o:p></o:p></span></font></span></p>

<p class=MsoNormal><span class=smalltypeinactive><font size=3
face="Times New Roman"><span style='font-size:12.0pt'><a
href="http://www.netsys.com/cgi-bin/listfiles.cgi?c=3">http://www.netsys.com/cgi-bin/listfiles.cgi?c=3</a><o:p></o:p></span></font></span></p>

<p class=MsoNormal><span class=smalltypeinactive><font size=3
face="Times New Roman"><span style='font-size:12.0pt'><a
href="http://antispyware.stompsoft.com/exploit.asp">http://antispyware.stompsoft.com/exploit.asp</a><o:p></o:p></span></font></span></p>

<p class=MsoNormal><span class=smalltypeinactive><font size=3
face="Times New Roman"><span style='font-size:12.0pt'><a
href="http://www.neworder.box.sk/explmore.php">http://www.neworder.box.sk/explmore.php</a><o:p></o:p></span></font></span></p>

<p class=MsoNormal><span class=smalltypeinactive><font size=3
face="Times New Roman"><span style='font-size:12.0pt'><a
href="http://www.web-hack.ru/exploit/index.php?page=1">http://www.web-hack.ru/exploit/index.php?page=1</a><o:p></o:p></span></font></span></p>

<p class=MsoNormal><span class=smalltypeinactive><font size=3
face="Times New Roman"><span style='font-size:12.0pt'><a
href="http://www.hacker.org.tw/mirrorz/www.hack.co.za/">http://www.hacker.org.tw/mirrorz/www.hack.co.za/</a><o:p></o:p></span></font></span></p>

<p class=MsoNormal><span class=smalltypeinactive><font size=3
face="Times New Roman"><span style='font-size:12.0pt'><a
href="http://hysteria.sk/arxiv/hack/exploits/daemon/rpc/">http://hysteria.sk/arxiv/hack/exploits/daemon/rpc/</a><o:p></o:p></span></font></span></p>

<p class=MsoNormal><span class=smalltypeinactive><font size=3
face="Times New Roman"><span style='font-size:12.0pt'><a
href="http://www.milw0rm.com/">http://www.milw0rm.com/</a><o:p></o:p></span></font></span></p>

<p class=MsoNormal><span class=smalltypeinactive><font size=3
face="Times New Roman"><span style='font-size:12.0pt'><a
href="http://outpost9.com/exploits/">http://outpost9.com/exploits/</a><o:p></o:p></span></font></span></p>

<p class=MsoNormal><span class=smalltypeinactive><font size=3
face="Times New Roman"><span style='font-size:12.0pt'><a
href="http://www.i-eye.net/exploits/hack.pl.php">http://www.i-eye.net/exploits/hack.pl.php</a><o:p></o:p></span></font></span></p>

<p class=MsoNormal><span class=smalltypeinactive><font size=3
face="Times New Roman"><span style='font-size:12.0pt'><a
href="http://naples.dnstraffic.net/~illmobi/illmob_apps/">http://naples.dnstraffic.net/~illmobi/illmob_apps/</a><o:p></o:p></span></font></span></p>

<p class=MsoNormal><span class=smalltypeinactive><font size=3
face="Times New Roman"><span style='font-size:12.0pt'><a
href="http://hack.com.ru/exploits/">http://hack.com.ru/exploits/</a><o:p></o:p></span></font></span></p>

<p class=MsoNormal><span class=smalltypeinactive><font size=3
face="Times New Roman"><span style='font-size:12.0pt'><a
href="http://xploited.ssc.net/exploits/">http://xploited.ssc.net/exploits/</a><o:p></o:p></span></font></span></p>

<p class=MsoNormal><span class=smalltypeinactive><font size=3
face="Times New Roman"><span style='font-size:12.0pt'><a
href="http://www.exworm.hostrocket.com/exploits/">http://www.exworm.hostrocket.com/exploits/</a><o:p></o:p></span></font></span></p>

<p class=MsoNormal><span class=smalltypeinactive><font size=3
face="Times New Roman"><span style='font-size:12.0pt'><a
href="http://members.lycos.co.uk/r34ct/main/0day-2003:%3E/illmob_files_mirror/">http://members.lycos.co.uk/r34ct/main/0day-2003:%3E/illmob_files_mirror/</a><o:p></o:p></span></font></span></p>

<p class=MsoNormal><span class=descr><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'><a href="http://www.triviasecurity.net/">http://www.triviasecurity.net/</a><o:p></o:p></span></font></span></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>&nbsp;<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p>&nbsp;</o:p></span></font></p>

<div>

<div class=MsoNormal align=center style='text-align:center'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'>

<hr size=2 width="100%" align=center tabindex=-1>

</span></font></div>

<p class=MsoNormal><b><font size=2 face=Tahoma><span style='font-size:10.0pt;
font-family:Tahoma;font-weight:bold'>From:</span></font></b><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'> owasp-delhi-bounces@lists.owasp.org
[mailto:owasp-delhi-bounces@lists.owasp.org] <b><span style='font-weight:bold'>On
Behalf Of </span></b>Singh, Gunwant [OS-IE]<br>
<b><span style='font-weight:bold'>Sent:</span></b> Monday, June 30, 2008 4:48
PM<br>
<b><span style='font-weight:bold'>To:</span></b> <st1:PersonName w:st="on">Owasp-delhi@lists.owasp.org</st1:PersonName><br>
<b><span style='font-weight:bold'>Subject:</span></b> [Owasp-delhi] Reg.
exploits.</span></font><o:p></o:p></p>

</div>

<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Hi all,<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>I am back again with a question. Thank you for your support
so far.<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>While testing, I have come to know that I am running out of
exploits. Since administrators are coming up with latest patches to cover up
the existing vulnerabilities, one must also update his/her exploit collection
w.r.t the vulnerabilities found. I have a collection of some exploits which are
mostly for web servers (IIS, Apache, etc.). Just wanted to know, what resources
you guys use to get the exploits, or you build your own. I m looking for both
network based and application based exploits. May be if someone wants to share
some exploits or links for any resources. Any feedback will be highly
appreciated.<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Thanks,<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Gunwant Singh<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

</div>

</body>

</html>