Penetration Testing mailing list archives

[PEN-TEST] How to deal with others' security ?

From: Nicolas Gregoire <nicolas.gregoire () 7THZONE COM>
Date: Tue, 22 Aug 2000 09:58:50 +0200

Hi,

please excuse my (very) poor english.

My question is simple :
- you have to do a penetration test on a web server.
- you discover that there are virtual hosts on the same box than the web
site you have to check.

first question :
do you know how to learn which virtual hosts are hosted on this machine
? (reverse dns lookups, etc )
[I think it's very important to know that because the others web site
can have exploitable cgi, resulting in the ability to root the box and
deface all the virtual hosts]

second question :
how to deal with others' virtual hosts security [ie. they have poor cgi]
?
how obtain authorization to scan these virtual hosts ?


thanks in advance

Nicob
nicob () 7thzone com

Current thread:

[PEN-TEST] How to deal with others' security ? Nicolas Gregoire (Aug 22)
- Re: [PEN-TEST] How to deal with others' security ? Max Vision (Aug 23)
- Re: [PEN-TEST] How to deal with others' security ? Ejovi Nuwere (Aug 24)
- <Possible follow-ups>
- Re: [PEN-TEST] How to deal with others' security ? Steve (Aug 23)
- Re: [PEN-TEST] How to deal with others' security ? Meritt, Jim (Aug 24)