Penetration Testing mailing list archives
Re: Penetration test of 1 IP address
From: Ailton Caetano <guerrilha () gmail com>
Date: Thu, 9 Feb 2006 12:53:50 -0200
www.netcraft.com could also help 2006/2/9, Ailton Caetano <guerrilha () gmail com>:
Hi you all, Well, google told webblaze is a web aplication used by Law firms written in asp (its login page is login.aspx), so they must be running some version of IIS. Trying to access a non-existent folder could give you the web server's name and version. You should also look for some sql injection possibility on the login page... 2006/2/8, Dave <dlaud.flux () gmail com>:To all: I have been asked to perform a security audit of 1 IP address for client. They have given me the 1 IP address and a clue (webblaze). If I enter the IP address and then /webblaze, I am taken to a login page (user name and password requested). What tools would you recommend that I use for this assignment?nmap and nessus will tell you more about the IP and what other services are running that you might be able to exploit. If they just want you to test the strength of the webpage login then possibly using Brutus will reveal weak passwords etc... although this is generally a bad idea. Right off hand, I cant look now, but webblaze may be a publicly available script...download it and check the source for any possible coding errors that could be exploited.Thanks for your help. Regards, Edmondgood luck and take it easy, dave ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- RE: Penetration test of 1 IP address, (continued)
- RE: Penetration test of 1 IP address Sels, Roger (Feb 09)
- Re: Penetration test of 1 IP address Ivan . (Feb 09)
- Re: Penetration test of 1 IP address Dave (Feb 08)
- RE: Penetration test of 1 IP address Matt Bowles (Feb 09)
- Message not available
- RE: Penetration test of 1 IP address T0aD (Feb 09)
- RE: Penetration test of 1 IP address Sels, Roger (Feb 09)
- RE: Penetration test of 1 IP address Erin Carroll (Feb 10)
- Re: Penetration test of 1 IP address Christine Kronberg (Feb 09)
- Re: Penetration test of 1 IP address Buz Dale (Feb 09)
- Re: Penetration test of 1 IP address Ailton Caetano (Feb 09)
- Re: Penetration test of 1 IP address Ailton Caetano (Feb 09)
- RE: Penetration test of 1 IP address Daniel Grzelak (Feb 09)
- RE: Penetration test of 1 IP address Lyal Collins (Feb 09)
- Re: Penetration test of 1 IP address vasile revnic (Feb 09)
- Re: Penetration test of 1 IP address Anonymous (Feb 09)
- Re: Penetration test of 1 IP address Packet Man (Feb 09)
- Re: Penetration test of 1 IP address intel96 (Feb 09)
- Re: Penetration test of 1 IP address Ivan Arce (Feb 15)
- Re: Penetration test of 1 IP address Sugiowono (Feb 09)
- RE: Penetration test of 1 IP address Bob Radvanovsky (Feb 09)
- RE: Penetration test of 1 IP address Sels, Roger (Feb 09)