Penetration Testing mailing list archives

Re: Word lists, again...

From: H D Moore <hdm () secureaustin com>
Date: Wed, 23 May 2001 20:10:55 -0500

The database which comes with Whisker is fairly complete, albiet the 
vulnerability checks are outdated.  You can find a copy online at 
http://www.wiretrip.net/rfp/



On Wednesday 23 May 2001 04:53 am, Alberto Grazi wrote:

Hi,
  during a pen-test I have found a directory which probably has exec
permission.
Since I didn't have any name of files (listing is not allowed) my
approach was to try a sort of "dictionary attack" on the URL.
I tried with a normal English dictionary but it didn't find anything
(each word was truncated to the 8th char and ".exe" was appended)...
does anyone know if there is a list of common names of CGIs available
(for Unix and win platforms) ?

Thx

Alberto


----------------------------------------
Content-Type: application/x-pkcs7-signature; charset="iso-8859-1"; 
name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Description: 
----------------------------------------

Current thread:

Word lists, again... Alberto Grazi (May 23)
- Re: Word lists, again... Ryan Russell (May 23)
- Re: Word lists, again... H D Moore (May 23)
- Re: Word lists, again... Philip Stoev (May 24)
- <Possible follow-ups>
- RE: Word lists, again... Chris Tobkin (May 24)
  - RE: Word lists, again... R. DuFresne (May 24)
- RE: Word lists, again... Barber, Chris (May 24)