Penetration Testing mailing list archives

Re: Pentesting a Web Application


From: "Jamie Riden" <jamie.riden () gmail com>
Date: Fri, 1 Jun 2007 18:10:49 +0100

On 01/06/07, Stong, Ian C CTR DISA GIG-CS <Ian.Stong.ctr () disa mil> wrote:
Because I have years of configuration and tweaks on it and various
services would be down while reconfiguring it.  Looking for little to no
downtime.  As an example I run VOIP through it with specific source
destination pairs and specific port/protocol filters.  Multiply that by
30 and you have the configuration that I would have to redo on the
device. Meanwhile downtime while configuring and sniffing each
application to determine exact ports to allow through, VPN peers to
establish, applications to NAT, port remappings for public to private
ports.....

Hi Ian,

Are we talking about a strong password here? Because there is no
feasible way to guess an 8 character password with upper and lower
case and digits, such as 'FhsfaS2!'. There are more than 62**8 such
passwords which is far too many to brute force.

Otherwise, here are two tools I've seen - been a while though so I can't
offer an opinion:
http://www.darknet.org.uk/2007/02/thc-hydra-the-fast-and-flexible-network-login-hacking-tool/
http://www.darknet.org.uk/2006/12/wwwhack-19-download-wwwhack19zip-web-hacking-tool/

Barnaby Jack has done some interesting stuff recently with JTAG,
exploits and ARM-based stuff, but this is probably further than you
want to go:

https://www.blackhat.com/presentations/bh-europe-06/bh-eu-06-Jack.pdf
http://cansecwest.com/slides07/Vector-Rewrite-Attack.pdf
http://cansecwest.com/slides07/csw07-jack.pdf

cheers,
Jamie
--
Jamie Riden, CISSP / jamesr () europe com / jamie () honeynet org uk
UK Honeynet Project: http://www.ukhoneynet.org/
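A worked version of the keyspace argument Jamie makes above, added here as an illustration rather than anything from the original post: it derives the alphabet from the character classes actually present in a password, computes the search space and entropy, and converts that into time-to-exhaust at an assumed guess rate. The guess rate (10 attempts per second, a figure chosen to stand in for a remote web login), the 32-symbol punctuation class and the assumption that the attacker already knows the exact length and character classes (the most attacker-favourable case) are all assumptions of this example, not claims from the thread. It also reproduces the "more than 62**8" point: the sample 'FhsfaS2!' contains a symbol, so its alphabet is 94 characters rather than 62.

```python
import math
import string

# Character classes a password-policy check normally distinguishes.
# Class sizes are an assumption of this example: 26 + 26 + 10 + 32 = 94.
CHARACTER_CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def classes_used(password):
    """Names of the character classes that occur in `password`.

    A character outside every modelled class (e.g. non-ASCII) raises
    ValueError so the estimate never silently undercounts the alphabet.
    """
    used = set()
    for ch in password:
        for name, chars in CHARACTER_CLASSES.items():
            if ch in chars:
                used.add(name)
                break
        else:
            raise ValueError(f"character {ch!r} is outside the modelled classes")
    if not used:
        raise ValueError("empty password has no keyspace")
    return used


def keyspace(length, classes):
    """Number of candidate strings of `length` drawn from the given classes."""
    alphabet = sum(len(CHARACTER_CLASSES[c]) for c in classes)
    return alphabet ** length


def brute_force_estimate(password, guesses_per_second=10):
    """Blind brute-force cost, assuming the attacker knows the exact length
    and character classes (the best case for the attacker, so this is an
    upper bound on how easy the search can be)."""
    classes = classes_used(password)
    space = keyspace(len(password), classes)
    return {
        "classes": sorted(classes),
        "keyspace": space,
        "entropy_bits": round(math.log2(space), 1),
        # Exhausting the whole space; on average half of it is enough.
        "years_to_exhaust": space / guesses_per_second / SECONDS_PER_YEAR,
    }


if __name__ == "__main__":
    # 'FhsfaS2!' is the sample from the post; 'FhsfaS2x' is a constructed
    # variant with no symbol, so it sits in the 62**8 space the post cites.
    for sample in ("FhsfaS2!", "FhsfaS2x"):
        est = brute_force_estimate(sample)
        print(sample, est["classes"], f"{est['keyspace']:.3e} candidates,",
              f"{est['entropy_bits']} bits, {est['years_to_exhaust']:.2e} years")
```

The estimate is deliberately generous to the attacker; against a real web login the rate is usually far lower than 10 guesses per second once lockout, rate limiting or simple round-trip latency is accounted for, which only strengthens the conclusion that an 8-character mixed-class password is not a realistic online brute-force target.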
