Penetration Testing mailing list archives
Firewalls & SSL
From: niumal weerasena <niumal () yahoo com>
Date: Tue, 9 Oct 2001 10:57:15 -0700 (PDT)
Hi there, I am currently performing a blind pen-test for a client who uses more than 2 types of firewalls and has a secured web server. I have done nmap FIN scans (other scans failed) on the secured web server and the rest of the class C address range and found several ips responding. It shows many open ports such as FTP, SMTP, Telnet,BO2K etc. However I cannot exploit/connect to these ports using telnet, ftp & hping because of the firewalls (I suspect!!). I also know that the web server is using Windows 2000 server and I suspect it is located behind 2 firewalls(because traceroute shows additional ip hop for the web server) that only allows port 443 to be accessed. Based on the above, below are my queries: 1) How do I determine the router and firewall IPs and type of firewalls/router used? 2) How can I bypass the firewall to exploit the open ports on the servers? 3) How can I exploit secured (SSL) web server? Appreciate any useful information from anyone out there .. Thanks, Niumal ===== Niumal Weerasena Mobile : +6 012 - 2112654 Email : niumal () yahoo com __________________________________________________ Do You Yahoo!? NEW from Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month. http://geocities.yahoo.com/ps/info1 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Firewalls & SSL niumal weerasena (Oct 09)
- <Possible follow-ups>
- RE: Firewalls & SSL Yoann Le Corvic (Oct 10)
- RE: Firewalls & SSL Paul Midian (Oct 10)