Penetration Testing mailing list archives
Re: A kind of Honeypot
From: max <max () neuropunks org>
Date: Wed, 20 Jun 2001 14:28:13 -0400 (EDT)
I have done this in the past, and I suggest you also put up as much hax0r and system related info into some directory, accessible only by you, as a good library (just a failsafe in case the client blocks certain sites where you would get info/exploits, and for improved archiving - most security sites are so full of info, it is sometimes hard to find what you need).

Also, write web frontends to some useful apps, like traceroute, nmap, etc. Basically, make that site your base of operations on the net, in case you have to conduct an audit on a system which is almost completely locked out from the internet, and won't let you save downloaded files or access anything besides a web browser, stuff like that (you can do pentests from internet cafes and libraries this way :).

Hope this helps,
max

On Wed, 20 Jun 2001, Nicolas Gregoire wrote:

> Hi all,
>
> I plan to make a website just for my pen-tests. This website grabs as much info as possible from the visitors (IP, browser, proxy, etc.), tries to exploit some common vulns of browsers (Guninski's page is a good start for this) and hosts a passive fingerprinting app. The victims are "spammed" with some misc. content (p0rn, free CD/DVD, jokes) linking (or redirecting) to the site.
>
> Has anybody ever done that?
>
> Nicob