Penetration Testing mailing list archives
Re: Word lists, again...
From: H D Moore <hdm () secureaustin com>
Date: Wed, 23 May 2001 20:10:55 -0500
The database which comes with Whisker is fairly complete, albiet the vulnerability checks are outdated. You can find a copy online at http://www.wiretrip.net/rfp/ On Wednesday 23 May 2001 04:53 am, Alberto Grazi wrote:
Hi, during a pen-test I have found a directory which probably has exec permission. Since I didn't have any name of files (listing is not allowed) my approach was to try a sort of "dictionary attack" on the URL. I tried with a normal English dictionary but it didn't find anything (each word was truncated to the 8th char and ".exe" was appended)... does anyone know if there is a list of common names of CGIs available (for Unix and win platforms) ? Thx Alberto
---------------------------------------- Content-Type: application/x-pkcs7-signature; charset="iso-8859-1"; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Description: ----------------------------------------
Current thread:
- Word lists, again... Alberto Grazi (May 23)
- Re: Word lists, again... Ryan Russell (May 23)
- Re: Word lists, again... H D Moore (May 23)
- Re: Word lists, again... Philip Stoev (May 24)
- <Possible follow-ups>
- RE: Word lists, again... Chris Tobkin (May 24)
- RE: Word lists, again... R. DuFresne (May 24)
- RE: Word lists, again... Barber, Chris (May 24)