Re: Penetration test of 1 IP address

[Ailton Caetano <guerrilha () gmail com>]

www.netcraft.com could also help



2006/2/9, Ailton Caetano <guerrilha () gmail com>:
> Hi you all,
>
> Well, google told webblaze is a web aplication used by Law firms written in asp
> (its login page is login.aspx), so they must be running some version
> of IIS. Trying to access a non-existent folder could give you the web
> server's name and version. You should also look for some sql injection
> possibility on the login page...
>
>
>
>
>
> 2006/2/8, Dave <dlaud.flux () gmail com>:
> > > To all:
> > >
> > > I have been asked to perform a security audit of 1 IP address for client.
> > > They have given me the 1 IP address and a clue (webblaze).
> > >
> > > If I enter the IP address and then /webblaze, I am taken to a login page
> > > (user name and password requested).
> > >
> > > What tools would you recommend that I use for this assignment?
> > nmap and nessus will tell you more about the IP and what other services
> > are running that you might be able to exploit. If they just want you to
> > test the strength of the webpage login then possibly using Brutus will
> > reveal weak passwords etc... although this is generally a bad idea.
> > Right off hand, I cant look now, but webblaze may be a publicly
> > available script...download it and check the source for any possible
> > coding errors that could be exploited.
> >
> > > Thanks for your help.
> > >
> > > Regards,
> > >
> > >
> > > Edmond
> > good luck and take it easy,
> > dave
> >
> >
> > ------------------------------------------------------------------------------
> > Audit your website security with Acunetix Web Vulnerability Scanner:
> >
> > Hackers are concentrating their efforts on attacking applications on your
> > website. Up to 75% of cyber attacks are launched on shopping carts, forms,
> > login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
> > futile against web application hacking. Check your website for vulnerabilities
> > to SQL injection, Cross site scripting and other web attacks before hackers do!
> > Download Trial at:
> >
> > http://www.securityfocus.com/sponsor/pen-test_050831
> > -------------------------------------------------------------------------------

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------