Dailydave mailing list archives
Directory traversal as a reconnaissance tool (Russ McRee)
From: Russ McRee <holisticinfosec () gmail com>
Date: Mon, 8 Feb 2010 12:27:14 -0800
Directory traversal as a reconnaissance tool
http://holisticinfosec.blogspot.com/2010/02/directory-traversal-as-reconnaisance.html

Like most of you, I find malicious or fraudulent online advertisers annoying to say the least. My typical response, upon receipt of rogue AV pop-ups, or redirects to clearly fraudulent sites, is to "closely scrutinize" the perpetrating site. This effort often bears fruit as is evident in the following analysis.

My interest was recently piqued when being made aware of a number of related sites committing abuse against a variety of brands; all quite clearly in violation of copyrights and trademarks.

An example, for your consideration: messenger-download.info

After a little exploration it was quickly determined that these cretins seek only to con victims out of credit card data with the promise of illegal downloads for a fee. Apparently these dbags have been at it for a while. They make it look like you're going to receive access to a legitimate offering then they suck you in to freedownloadzone.com.

This, of course, pissed me off, so...off to the races. A poke here, a tickle there, and voila.../etc/passwd...

--
Russ McRee
GCIH, GPEN, GCFA, CISSP
425-518-6998 cell
http://holisticinfosec.org
http://blog.holisticinfosec.org

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave