It does not and some of the software requires specific compilation and libraries to work correctly.  

Version 3 of the VAST pentesting distro has been released. It is for VoIP pentesting and includes all free VIPER lab tools.

http://vipervast.sourceforge.net/

"On the flip side of this, the reality is, if someone compromised a glaring vulnerability, chances are the tester sucked (for lack of better words). Sorry I call it how I see it. In an instance where this occurs (you do a test and leave gaping holes) kiss any future business goodbye as well as introducing a huge black eye on your company."

you never worked where aj and I have... LOL Had black eyes and missing teeth but still got a lot of business.

Np homie, sorry if I come off as quippy or arrogant I just do not have a lot of time for long posts. Nothing personal.

It had to do it by sending syn packets with scapy and backing off TTL until the firewall responded with an error packet containing its IP, finding out that the firewall was misconfigured and had its config interface in front of me, guessing the correct password, dumping its config, ssh tunneling through the firewall and proxy scanning the server, enumerating some users, discovering a user with pass as user, looking in the sysvol, finding a bat script with domain admin permissions and rdp. So still not just IIS or web app but just pure luck. I think that is vague enough to not give up any confidential data but informative enough to "share". :-) 

Again, they do not run any web applications. This is why I asked about IIS specifically. The PHRACK issue I would say does not indeed point to any reliable exploit. Thank you for your time but I pwnd this shit on my own.

cd1zz, this is what I thought. Oh well. FYI these are in a highly specialized deployment and have no web applications and very limited HTTP methods.

Hello,

I am having trouble finding any reliable exploits for Server 2008. So I figured I would ask you guys. Do you know of any? Thanks!

Came here to say what Sil already covered.

http://israelity.com/wp-content//2010/11/loof.jpg

yeah, i recommended a book too

you need a proxy, this is what you are looking for

The nostarch "Hacking VoIP" is good. I work at www.viperlab.net if you want to pay for our training course.