Penetration Testing mailing list archives
Re: nessus exceptions
From: Paul Johnston <paul () westpoint ltd uk>
Date: Wed, 04 Aug 2004 11:54:34 +0100
Hi,Perhaps you could try setting up an IIS specific vulnerability, e.g. iis_authentification_manager.nasl but use URL scan to rewrite the Server: header to say Apache. An optimized Nessus test will miss this; optimization is on by default.
Regards, Paul Chris Griffin wrote:
Hi list, Im trying to find some good holes, that aren't major security issues, that i can create on a machine to see if our testing company really uses anything other than nessus.
-- Paul Johnston Internet Security Specialist Westpoint Limited Albion Wharf, 19 Albion Street, Manchester, M1 5LN England Tel: +44 (0)161 237 1028 Fax: +44 (0)161 237 1031 email: paul () westpoint ltd uk web: www.westpoint.ltd.uk
Current thread:
- nessus exceptions Chris Griffin (Aug 03)
- RE: nessus exceptions Jerry Shenk (Aug 03)
- Re: nessus exceptions Andres Riancho (Aug 03)
- Re: nessus exceptions Jacco Tunnissen (Aug 09)
- Re: nessus exceptions hellNbak (Aug 03)
- Re: nessus exceptions Mr. Rufus Faloofus (Aug 03)
- Re: nessus exceptions FocusHacks (Aug 05)
- Re: nessus exceptions Stefano Zanero (Aug 10)
- Re: nessus exceptions FocusHacks (Aug 05)
- Re: nessus exceptions Paul Johnston (Aug 05)
- RE: nessus exceptions Marc Heuse (Aug 05)
- Re: nessus exceptions DokFLeed.Net (Aug 05)
- RE: nessus exceptions Jerry Shenk (Aug 09)
- RE: nessus exceptions R. DuFresne (Aug 09)
- RE: nessus exceptions Jerry Shenk (Aug 09)
- Re: nessus exceptions Pete Herzog (Aug 05)
- <Possible follow-ups>
- Re: nessus exceptions Chris McNab (Aug 05)
- Re: nessus exceptions H Carvey (Aug 05)
- RE: nessus exceptions Strand, John (Aug 09)