Penetration Testing mailing list archives
RE: Word lists, again...
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Thu, 24 May 2001 14:37:31 -0400 (EDT)
This URL brings one to a sweet listing such as:

admin.php3
admin
administrators.pwd
adminlogin
admin-serv
adpassword.txt
af.cgi| exploit (perl)
aglimpse
Album
allmanage.pl
amadmin.pl| exploit (html form)
apexec.pl
AT-generate.cgi| exploit (html form)
admin-serv
auctionweaver.pl| exploit (perl)
authors.pwd
bb-hist.sh
bb-hostsvc.sh
bb-histlog.sh

Now, being I read and speak English, where at this site is the tool in question, as the other pages for this site seem to not be English based.

Thanks,

Ron DuFresne

On Wed, 23 May 2001, Chris Tobkin wrote:
> Yep, whisker has a pretty good database, but I just found this one
> yesterday..
>
> http://www.ukrt.f2s.com/bugs.htm
>
> Which has a pretty good and complete list of all sorts of CGIs and
> vulnerabilities I've never seen before..
>
> // Chris
> tobkin () intersec com
>
> -----Original Message-----
> From: H D Moore [mailto:hdm () secureaustin com]
> Sent: Wednesday, May 23, 2001 8:11 PM
> To: Alberto Grazi; PEN-TEST () securityfocus com
> Subject: Re: Word lists, again...
>
> The database which comes with Whisker is fairly complete, albeit the
> vulnerability checks are outdated. You can find a copy online at
> http://www.wiretrip.net/rfp/
>
> On Wednesday 23 May 2001 04:53 am, Alberto Grazi wrote:
> > Hi,
> > during a pen-test I have found a directory which probably has exec
> > permission. Since I didn't have any name of files (listing is not
> > allowed) my approach was to try a sort of "dictionary attack" on the
> > URL. I tried with a normal English dictionary but it didn't find
> > anything (each word was truncated to the 8th char and ".exe" was
> > appended)... does anyone know if there is a list of common names of
> > CGIs available (for Unix and win platforms) ?
> >
> > Thx
> > Alberto
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior consultant: darkstar.sysinfo.com
http://darkstar.sysinfo.com

"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
-- Johnny Hart

testing, only testing, and damn good at it too!
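
The name guessing described in this thread leaves a recognisable trace in web server logs: one client requesting many nonexistent names in a single directory. The detector below is an added example, not code from any poster or from Whisker. The log lines are constructed, and the Common Log Format, the threshold of five misses and the rule that any non-404 status counts as a resolved name are assumptions.

```python
import re
from collections import defaultdict
from posixpath import dirname

# Common Log Format: host ident user [time] "METHOD path PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+) [^"]*" (\d{3}) ')

def find_name_guessing(lines, min_misses=5):
    """Return {(client, directory): {"misses": n, "hits": [paths]}} for each
    client that asked for at least min_misses distinct nonexistent names in
    one directory. "hits" are names in that directory that did not 404."""
    misses, hits = defaultdict(set), defaultdict(set)
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not CLF: skip rather than guess at the fields
        client, status = m.group(1), int(m.group(3))
        path = m.group(2).split("?", 1)[0]  # ignore the query string
        key = (client, dirname(path))
        # Assumption: any status other than 404 means the name resolved.
        (misses if status == 404 else hits)[key].add(path)
    return {k: {"misses": len(v), "hits": sorted(hits[k])}
            for k, v in misses.items() if len(v) >= min_misses}

def _line(client, path, status):
    # Builds one constructed CLF line; timestamp and size are placeholders.
    return f'{client} - - [24/May/2001:14:37:31 -0400] "GET {path} HTTP/1.0" {status} 512'

# Constructed sample: 192.0.2.10 walks a CGI name list, 198.51.100.7 browses.
SAMPLE = [_line("192.0.2.10", "/cgi-bin/" + n, 404) for n in
          ("admin.php3", "adminlogin", "af.cgi", "aglimpse",
           "allmanage.pl", "amadmin.pl")]
SAMPLE += [
    _line("192.0.2.10", "/cgi-bin/bb-hist.sh", 200),
    _line("198.51.100.7", "/index.html", 200),
    _line("198.51.100.7", "/cgi-bin/search.cgi?q=test", 200),
    _line("198.51.100.7", "/favicon.ico", 404),
]

if __name__ == "__main__":
    for (client, directory), info in find_name_guessing(SAMPLE).items():
        print(client, directory, info)
```

The `hits` list is the part to review first, since it names the scripts the guessing client actually reached.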
Current thread:
- Word lists, again... Alberto Grazi (May 23)
- Re: Word lists, again... Ryan Russell (May 23)
- Re: Word lists, again... H D Moore (May 23)
- Re: Word lists, again... Philip Stoev (May 24)
- <Possible follow-ups>
- RE: Word lists, again... Chris Tobkin (May 24)
- RE: Word lists, again... R. DuFresne (May 24)
- RE: Word lists, again... Barber, Chris (May 24)