Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Penetration test of 1 IP address

From: Buz Dale <buz.dale () usg edu>
Date: Thu, 09 Feb 2006 08:02:36 -0500
To all:

I have been asked to perform a security audit of 1 IP address for client.
They have given me the 1 IP address and a clue (webblaze).

If I enter the IP address and then /webblaze, I am taken to a login page
(user name and password requested).

What tools would you recommend that I use for this assignment?

Go ahead and run nmap and nessus against the box. Hopefully this will
give you some infromation such as what OS, what webserver and if any
other ports are listening.  If you can get info on the OS and httpd
versions you can then look for exploits or problems.  Also you might
google "webblaze".  you might find some interesting info there and some
other places to look. "iblaze server?"  (By googling "webblaze" I'm
pretty sure this is on a WinOS and that makes me think IIS.

Luck,
Buz

 

Thanks for your help.

Regards,


Edmond
 


------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: