Security Basics mailing list archives
Possible attack flow for a Windows 7 running WebMatrix serving Wordpress
From: "Jed R. Mallen" <jedmallen () gmail com>
Date: Fri, 15 Jul 2011 15:33:02 +0800
Hi guys, Our team is tasked to do a security analysis of a local Windows 7 machine running WebMatrix and a Wordpress blog running on it. We are not really a security team (we're part of the dev group) but we were chosen at random and tasked to come up with a list of possible vulnerabilities for this machine setup. I'm thinking we should break down the attack process to basically 3: 1. Windows 7 - open ports - available services 2. WebMatrix 3. Wordpress - XSS - SQL attacks Also we are not allowed to down the machine (DDoS). Just an admin prompt would be enough (and maybe leave a flag or something, we haven't decided yet). Questions are: 1. How should we start the flow of the attack? 2. What security sources should we check for a list of known vulnerabilities and payloads. 3. Any specific app (win32 or *nix based) that can be used (eg: nmap, etc.). We've done a websecurify (via BackTrack 5.0) run on the site but it downed the MySQL server. Any help would be greatly appreciated! All the best, /Jed -- Jed R. Mallen | GPG key ID: 81E575A3 fp: 4E1E CBA5 7E6A 2F8B 8756 660A E54C 39D6 81E5 75A3 | http://jedmallen.com ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Possible attack flow for a Windows 7 running WebMatrix serving Wordpress Jed R. Mallen (Jul 15)