Re: Penetration test of 1 IP address

[Dave <dlaud.flux () gmail com>]

John Forristel (SunGard-Chico) wrote:

> WebBlaze is a way for lawyers to share documents.  As Dave mentioned,
> scan the machine with nmap, Nessus, and other tools.  Be careful with
> Brutus, you can lock out accounts very quickly and your information is
> logged for all to see.  WebBlaze is a webform, not a listening protocol,
> so it may be that the software is using a local database to store login
> information.  Try gaining access without using WebBlaze.
>  
May I ask why you recommended trying to gain access without using 
webblaze? As you said previously, weblaze could be using a database to 
hold valuable information etc... doesnt *possible* SQL injection come 
into mind? The pen tester could potentially get a wealth of information 
even if the box cant be cracked.

> Then look on the website for the company you are trying to penetrate.
> Email addresses make for good login material.
>
> Check to see if there is a default password for WebBlaze and try that.  
>
> My $1.32 (2 cents + inflation)
>
>
>
> John Forristel
> Network Security Analyst
> SunGard Bi-Tech
>
> "You don't have to lie to me, we aren't married."
>
>
>  
>
>
>  


------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------