Penetration Testing mailing list archives

Re: Security Audit


From: "bacano" <bacano () esoterica pt>
Date: Thu, 6 Sep 2001 20:01:18 +0100

Btw, some have been mentioning "a hacker could spend weeks".
Well, that's true - if the target is interesting enough.
Most "hackers" (scrippies) are just out for the fast kick/breakin to
install their ircbot or a ddos-drone - remove that noise first :>

Since I was the one who said that, just a little addition to say that I was
referring to a hacker, not a kidiot.
It's the difference between having sex and hacking playboy.com for free
movies.

Other point in here is: The pen-tester has *one* advantage, he can
ask the customer for an account on a machine, e.g. on a webserver -
just *assume* a CGI is vulnerable (most are anyway :P) and then from the
"start" being the UID which runs the webserver try to elevate your
privileges.

Again ... the same problem :>

[  ]'s bacano


