Penetration Testing mailing list archives
RE: Penetration test of 1 IP address
From: "Beau Mersereau" <bm () fr com>
Date: Thu, 9 Feb 2006 10:24:16 -0800
Webblaze is the browser based version of Summation. It only runs on IIS. Most likely the back end will not be a SQL based database. While Summation does have a SQL back end for their product, very few law firms are running the SQL back end. SQL back end product is fairly new. The DB is fairly proprietary.

http://www.ctsummation.com/

Summation is used for Litigation Support.

-----Original Message-----
From: Ailton Caetano [mailto:guerrilha () gmail com]
Sent: Thursday, February 09, 2006 6:51 AM
To: pen-test () securityfocus com
Subject: Re: Penetration test of 1 IP address

Hi you all,

Well, google told webblaze is a web application used by Law firms written in asp (its login page is login.aspx), so they must be running some version of IIS. Trying to access a non-existent folder could give you the web server's name and version. You should also look for some sql injection possibility on the login page...

2006/2/8, Dave <dlaud.flux () gmail com>:
> > To all:
> >
> > I have been asked to perform a security audit of 1 IP address for client.
> > They have given me the 1 IP address and a clue (webblaze). If I enter the
> > IP address and then /webblaze, I am taken to a login page (user name and
> > password requested). What tools would you recommend that I use for this
> > assignment?
>
> nmap and nessus will tell you more about the IP and what other services
> are running that you might be able to exploit. If they just want you to
> test the strength of the webpage login then possibly using Brutus will
> reveal weak passwords etc... although this is generally a bad idea.
>
> Right off hand, I can't look now, but webblaze may be a publicly
> available script...download it and check the source for any possible
> coding errors that could be exploited.
>
> > Thanks for your help.
> >
> > Regards,
> > Edmond
>
> good luck and take it easy,
> dave

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831
------------------------------------------------------------------------------
Current thread:
- RE: Penetration test of 1 IP address, (continued)
- RE: Penetration test of 1 IP address Edmond Chow (Feb 09)
- RE: Penetration test of 1 IP address John Forristel (SunGard-Chico) (Feb 09)
- Re: Penetration test of 1 IP address Dave (Feb 09)
- RE: Penetration test of 1 IP address Clemens, Dan (Feb 09)
- RE: Penetration test of 1 IP address Edmond Chow (Feb 10)
- Re: Penetration test of 1 IP address thomas springer (Feb 10)
- RE: Penetration test of 1 IP address John Forristel (SunGard-Chico) (Feb 09)
- RE: Penetration test of 1 IP address Levenglick, Jeff (Feb 09)
- Message not available
- Fwd: Penetration test of 1 IP address Brian Loe (Feb 09)
- Re: Fwd: Penetration test of 1 IP address Justin Seitz (Feb 09)
- Message not available
- RE: Penetration test of 1 IP address Beau Mersereau (Feb 09)
- RE: Penetration test of 1 IP address Bob Radvanovsky (Feb 09)
- Re: Fwd: Penetration test of 1 IP address Bob Radvanovsky (Feb 09)
- Re: Fwd: Penetration test of 1 IP address pagvac (Feb 09)
- RE: Penetration test of 1 IP address Navroz Shariff (Feb 09)
- Re: Penetration test of 1 IP address Ratna Kumar (Feb 10)
- RE: Penetration test of 1 IP address Levenglick, Jeff (Feb 10)
- Re: Penetration test of 1 IP address Bob Radvanovsky (Feb 10)
- RE: Penetration test of 1 IP address Michael Gargiullo (Feb 10)
- Re: Penetration test of 1 IP address pagvac (Feb 11)