Penetration Testing mailing list archives
Re: [PEN-TEST] How to deal with others' security ?
From: Ejovi Nuwere <ejovi () EJOVI NET>
Date: Wed, 23 Aug 2000 11:07:44 -0400
This should be addressed in the contract before the pen-test/audit begins. Usually you are given specific IP segments to audit. Anything outside of those networks is considered off limits; this includes ISP/ASP sites to which the target's DNS may be pointing.

Also, you will find that sometimes you are given the task to audit only one department within a corporation, which limits you to a specific segment.

We all make mistakes, but don't concern yourself with anything outside of your audit task. It can result in legal problems. If you think it may be worth looking at, mention it beforehand. Otherwise, there isn't much you can do.

e.

On Tue, 22 Aug 2000, Nicolas Gregoire wrote:
Hi,

please excuse my (very) poor English.

My question is simple:
- you have to do a penetration test on a web server.
- you discover that there are virtual hosts on the same box as the web site you have to check.

first question: do you know how to learn which virtual hosts are hosted on this machine? (reverse DNS lookups, etc.)
[I think it's very important to know that because the other web sites can have exploitable CGI, resulting in the ability to root the box and deface all the virtual hosts]

second question: how to deal with others' virtual hosts' security [i.e. they have poor CGI]? how to obtain authorization to scan these virtual hosts?

thanks in advance

Nicob
nicob () 7thzone com
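The scoping rule from the reply above (only the contracted IP segments may be tested, and names whose DNS points at an ISP/ASP are off limits) written as a pre-test check. This is an added example, not part of the original thread; the host names, address ranges and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data (RFC 5737 documentation ranges), not from the thread.
CONTRACT_SCOPE = ["192.0.2.0/25", "198.51.100.16/28"]
RESOLVED = {
    "www.client.example": ["192.0.2.10"],
    "mail.client.example": ["198.51.100.20", "203.0.113.5"],  # one record at a provider
    "shop.client.example": ["203.0.113.80"],                  # hosted at an ISP/ASP
    "old.client.example": [],                                 # no address records
}


def parse_scope(cidrs):
    """Turn the contract's CIDR strings into network objects (strict: no host bits)."""
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]


def in_scope(address, networks):
    """True only if the address falls inside one of the authorised networks."""
    ip = ipaddress.ip_address(address)
    return any(ip.version == net.version and ip in net for net in networks)


def classify(resolved, networks):
    """Split hosts into those cleared for testing and those to raise with the client.

    A host is cleared only when every address it resolves to is in scope; a name
    with no addresses, or with any address outside the contract, is held back.
    """
    cleared, hold = {}, {}
    for host, addresses in sorted(resolved.items()):
        outside = [a for a in addresses if not in_scope(a, networks)]
        if addresses and not outside:
            cleared[host] = addresses
        else:
            hold[host] = outside or ["no address records"]
    return cleared, hold


if __name__ == "__main__":
    cleared, hold = classify(RESOLVED, parse_scope(CONTRACT_SCOPE))
    for host, addrs in cleared.items():
        print(f"IN SCOPE   {host}: {', '.join(addrs)}")
    for host, why in hold.items():
        print(f"ASK FIRST  {host}: {', '.join(why)}")
```

Hosts in the second group are the ones to mention to the client before the test begins, as the reply advises.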