Penetration Testing mailing list archives
RE: Penetration test of 1 IP address
From: "Sels, Roger" <roger.sels () gov-fbi net>
Date: Thu, 9 Feb 2006 14:01:12 +0100 (CET)
Bob, Edmond, On the "non-destructive test" part, keep in mind to state in the document that you are in no way liable for a service crashing due to an exploit. After all, it could very well happen and would be non-intentional. State that you will do your very best to ensure the operations of the server(s) will not be hampered but foresee the worst case scenario. When dealing with Murphy, put the odds in your favour. I guess that goes for Darwin as well, but that's a different kind of discussion altogether ;-) Kind regards, Roger On Thu, February 9, 2006 5:37 am, Bob Radvanovsky said:
Did you say "Webblaze"? This is what I've found: http://info.summation.com/products/PF_webblaze.htm Litigation software??? Hmmmm...Windows-based software (http://info.summation.com/products/SP_webblaze_specs.htm)... Did your "login" look anything like this? URL: http://precise.precisepresentations.com/WebBlaze/Login.aspx?ReturnUrl=%2FWebBlaze%2FIndex.aspx When in doubt...GOOGLE IT!!! 8))) ONE WORD OF CAUTION...since this system might be used for legal purposes, get something in writing that allows you to conduct what is called a "non-destructive test" and MAKE SURE that you DON'T *DESTROY* their system! r DISCLAIMER: I only did a lookup about the product mentioned...nothing more. ;)) ----- Original Message ----- From: Larry Chin [mailto:casslin () sympatico ca] To: 'Edmond Chow' [mailto:echow () videotron ca], 'Michael Gargiullo' [mailto:mgargiullo () pvtpt com], pen-test () securityfocus com Subject: RE: Penetration test of 1 IP addressCould try http://www.accessdiver.com for starters. Wikto (http://www.sensepost.com/research/wikto/) to scan the website You could try nmap'ing the IP address, maybe a web server isn't the only thing running there. Just a couple of thoughts -----Original Message----- From: Edmond Chow [mailto:echow () videotron ca] Sent: Wednesday, February 08, 2006 1:45 AM To: 'Michael Gargiullo'; pen-test () securityfocus com Cc: 'Edmond Chow' Subject: RE: Penetration test of 1 IP address To all: I have been asked to perform a security audit of 1 IP address for client. They have given me the 1 IP address and a clue (webblaze). If I enter the IP address and then /webblaze, I am taken to a login page (user name and password requested). What tools would you recommend that I use for this assignment? Thanks for your help. Regards, Edmond ---------------------------------------------------------------------------- -- Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 ---------------------------------------------------------------------------- --- ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 ------------------------------------------------------------------------------------------------------------------------------------------------------------- Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
-- Life is 10 percent what you make it and 90 percent how you take it. - Irving Berlin ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Re: Penetration test of 1 IP address, (continued)
- Re: Penetration test of 1 IP address Ailton Caetano (Feb 09)
- RE: Penetration test of 1 IP address Daniel Grzelak (Feb 09)
- RE: Penetration test of 1 IP address Lyal Collins (Feb 09)
- Re: Penetration test of 1 IP address vasile revnic (Feb 09)
- Re: Penetration test of 1 IP address Anonymous (Feb 09)
- Re: Penetration test of 1 IP address Packet Man (Feb 09)
- Re: Penetration test of 1 IP address intel96 (Feb 09)
- Re: Penetration test of 1 IP address Ivan Arce (Feb 15)
- Re: Penetration test of 1 IP address Sugiowono (Feb 09)
- RE: Penetration test of 1 IP address Bob Radvanovsky (Feb 09)
- RE: Penetration test of 1 IP address Sels, Roger (Feb 09)
- RE: Penetration test of 1 IP address Anders Thulin (Feb 09)
- RE: Penetration test of 1 IP address Edmond Chow (Feb 09)
- RE: Penetration test of 1 IP address John Forristel (SunGard-Chico) (Feb 09)
- Re: Penetration test of 1 IP address Dave (Feb 09)
- RE: Penetration test of 1 IP address Clemens, Dan (Feb 09)
- RE: Penetration test of 1 IP address Edmond Chow (Feb 10)
- Re: Penetration test of 1 IP address thomas springer (Feb 10)
- RE: Penetration test of 1 IP address John Forristel (SunGard-Chico) (Feb 09)
- RE: Penetration test of 1 IP address Levenglick, Jeff (Feb 09)
- Message not available
- Fwd: Penetration test of 1 IP address Brian Loe (Feb 09)
- Message not available