Penetration Testing mailing list archives
RE: Penetration test of 1 IP address
From: "Navroz Shariff" <nshariff () americanbible org>
Date: Thu, 9 Feb 2006 16:24:05 -0500
Interesting...the original inquirer hasn't replied in his defense.

-----Original Message-----
From: Bob Radvanovsky [mailto:rsradvan () unixworks net]
Sent: Thursday, February 09, 2006 11:46 AM
To: Levenglick, Jeff; Larry Chin; Edmond Chow; Michael Gargiullo; pen-test () securityfocus com
Subject: RE: Penetration test of 1 IP address

I would tend to agree with that statement. Members of this list have no idea if the individual posing the question has nefarious intentions, or not.

No disrespect to the original poster of the question to the list, or the moderator for that matter, in extremely paranoid times these days, simply uttering the wrong word in public (within the context of a sentence) can get you a one-way ticket into jail these!

So...take things down a few notches and remember that hacking these days, esp. in the eyes of our governments (federal, state, local), not to mention Corporate America, views it as a form of "cyberterrorism" -- first and foremost -- BEFORE they would ever consider it NOT to (OK...that sounded way too circular, but if you read it carefully, you'll understand what I'm trying to convey) be labelled as "cyberterrorism".

In my defense (as a form of disclaimation), the requesting individual mentioned the word "/webblaze", and I simply looked it up on Google -- nothing more. I have not mentioned any methods of attack, or how he should go about attempting a penetration into that server. That is left entirely up to that individual.

;)

-rad

----- Original Message -----
From: "Levenglick, Jeff" [mailto:JLevenglick () fhlbatl com]
To: Bob Radvanovsky [mailto:rsradvan () unixworks net], Larry Chin [mailto:casslin () sympatico ca], Edmond Chow [mailto:echow () videotron ca], Michael Gargiullo [mailto:mgargiullo () pvtpt com], pen-test () securityfocus com
Subject: RE: Penetration test of 1 IP address

That's right.. Legal software.

I wonder what would happen if this person was not legit and the company found out that all of the people on this list helped him?

Or better yet. (as I stated before) This person does not have the background or knowledge to give this company a 'real' security audit. This is VERY important. If he were to tell them that they are ok and something bad happened, we would end up where most people feel right now. (that most IT positions are just paper or fly-by-night)

If you are real, you should take classes or read books. All of us can point you to web sites, but that does not explain how to use the software or even the concept of pen testing.

-----Original Message-----
From: Bob Radvanovsky [mailto:rsradvan () unixworks net]
Sent: Wednesday, February 08, 2006 11:37 PM
To: Larry Chin; 'Edmond Chow'; 'Michael Gargiullo'; pen-test () securityfocus com
Subject: RE: Penetration test of 1 IP address

Did you say "Webblaze"?

This is what I've found: http://info.summation.com/products/PF_webblaze.htm

Litigation software???

Hmmmm...Windows-based software (http://info.summation.com/products/SP_webblaze_specs.htm)...

Did your "login" look anything like this?

URL: http://precise.precisepresentations.com/WebBlaze/Login.aspx?ReturnUrl=%2FWebBlaze%2FIndex.aspx

When in doubt...GOOGLE IT!!! 8)))

ONE WORD OF CAUTION...since this system might be used for legal purposes, get something in writing that allows you to conduct what is called a "non-destructive test" and MAKE SURE that you DON'T *DESTROY* their system!

r

DISCLAIMER: I only did a lookup about the product mentioned...nothing more. ;))

----- Original Message -----
From: Larry Chin [mailto:casslin () sympatico ca]
To: 'Edmond Chow' [mailto:echow () videotron ca], 'Michael Gargiullo' [mailto:mgargiullo () pvtpt com], pen-test () securityfocus com
Subject: RE: Penetration test of 1 IP address

Could try http://www.accessdiver.com for starters.

Wikto (http://www.sensepost.com/research/wikto/) to scan the website

You could try nmap'ing the IP address, maybe a web server isn't the only thing running there.

Just a couple of thoughts

-----Original Message-----
From: Edmond Chow [mailto:echow () videotron ca]
Sent: Wednesday, February 08, 2006 1:45 AM
To: 'Michael Gargiullo'; pen-test () securityfocus com
Cc: 'Edmond Chow'
Subject: RE: Penetration test of 1 IP address

To all:

I have been asked to perform a security audit of 1 IP address for client. They have given me the 1 IP address and a clue (webblaze). If I enter the IP address and then /webblaze, I am taken to a login page (user name and password requested).

What tools would you recommend that I use for this assignment?

Thanks for your help.

Regards,

Edmond