Penetration Testing mailing list archives
Re: Penetration test of 1 IP address
From: Christine Kronberg <Christine_Kronberg () genua de>
Date: Thu, 9 Feb 2006 11:13:03 +0100 (CET)
On Wed, 8 Feb 2006, Dave wrote:
>> To all: I have been asked to perform a security audit of 1 IP address for a client. They have given me the 1 IP address and a clue (webblaze). If I enter the IP address and then /webblaze, I am taken to a login page (user name and password requested). What tools would you recommend that I use for this assignment?

> nmap and nessus will tell you more about the IP and what other services are running that you might be able to exploit.

I'm not so much impressed by using nessus. In most cases I achieve more by using nmap, telnet and brain. Might be due to the fact the last couple of pen-tests were against computers pretty much protected. For the original poster as a start I recommend using nmap to see whether other ports on that host are available.

> If they just want you to test the strength of the webpage login then possibly using Brutus will reveal weak passwords etc... although this is generally a bad idea. Right off hand, I can't look now, but webblaze may be a publicly available script...download it and check the source for any possible coding errors that could be exploited.

Before you can exploit a possible weakness you have to bypass the authentication. If this can be done depends on the type of authentication. Searching for weak passwords is certainly a way to go. But: If you don't have any username to start, you must use a list of common usernames and a list of weak passwords. Ok, no problem to get those lists. But you have to test each password for each user. That consumes a good deal of time. If you are not allowed to harm the computer by filling up the logfiles whatever this does to the node, you are very limited.

Example: I did that for a customer a while ago. First step was to get some probable usernames from google. Found about 100. Now, my private password list has about 12 Mio entries. Stripping them down to a maximum of 8 characters left about 4.5 Mio entries. Using hydra with about 180 tries/min gives: 100 x 4.5 Mio / 180 = 1736 days. No way to go. So you need to use a very small password list (really easy passwords). But then it is highly unlikely that you find something. I ended up calculating my parameters for a runtime of 5 hours.

I remember the thread about password cracking a while back pretty well. But I wonder: How many of you do this over the net? Not having any username to check on? It is one thing to have an encrypted password list, it is completely different to have nothing at all.

Cheers,

Christine Kronberg.

--
GeNUA mbH