Penetration Testing mailing list archives
Re: Blind penetration testing
From: Andrew Simmons <andrew () zpok demon co uk>
Date: Thu, 04 Oct 2001 19:36:21 +0100
Ilici Ramirez wrote:
Some hints for reconnnaissance only: 1. review content of their web pages, download themlocaly - look for names, emails, phone numbers, technologies- search for scripts or asp included in html - programming bugs, overflows, comments, etc.
I like to use ` wget --mirror www.target.tld ' to get a local mirror of the site, which I can go through at my leisure looking for interesting information. Another good third party source of info is Netcraft; as well as the HTTP server and OS (usually), they now show uptime records which are interesting (target has recently changed platform, target is IIS but has been up for over a month... :)
Ilici R
\a -- ===( Andrew Simmons PGP key: http://pgpkeys.mit.edu ===( Security, network and sys admin, Perl programming ===( http://www.zpok.demon.co.uk/doc/cv.txt ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Blind penetration testing Trey Mujakporue (Oct 02)
- Re: Blind penetration testing Meritt James (Oct 04)
- RE: Blind penetration testing Jim Becher (Oct 04)
- <Possible follow-ups>
- RE: Blind penetration testing Sanchez, Scott (Oct 04)
- Re: Blind penetration testing hofmemi (Oct 04)
- Re: Blind penetration testing Ilici Ramirez (Oct 04)
- Re: Blind penetration testing Andrew Simmons (Oct 04)
- RE: Blind penetration testing Grab Raham (Oct 04)