Penetration Testing mailing list archives
Help popping a web application
From: Maudite MLRL <maudite.mlrl () gmail com>
Date: Tue, 14 Feb 2006 19:13:11 -0700
OK, working on a black box application test and I am looking for a little input on some things to try to get through this application. This is against production deployed code but the test is against the test lab systems, so messing up the system is OK. The goal is elevated privilege and/or data manipulation.

What I am up against is a 3 tier web application. Rules/scope are application only, no direct service attacks against the OS/network or server system (IIS 5) itself. So like no Metasploit type garbage. Hand jamming all the way and through the web interface only.

Background:

Web tier: web server is IIS 5.0 on Win2k
Application server tier: application server is WebSphere 6.0 on Win2k
DB tier is MS SQL on Win2k.

All separate boxes. Code base is Java. Authentication is handled by Active Directory (out of scope). This is an internal app. There are probably firewalls between me and the primary web server, but my area is application only anyway. I have a user level login. Whole connection scheme is SSL (cookies/presentation/all of it). WebInspect offered NO vulnerabilities.

What I have done, both in the HTML portion of the application and catching the info at a Burp Suite proxy so I could bypass any funky filtering:

- Standard 1=1 and ' type injections at multiple input locations. Produced no errors, just a custom "did not meet criteria message".
- Directory traversal – no joy
- URL rewrite for bypassing any login type criteria – no joy
- Sequential session ID checks to hijack a 1 up system – no joy, they are random
- Large input (5000 characters) to see if I could force an error.
- Bad option to a field sort request – got a custom error message stating call the administrator. No information
- No information in the HTML code.
- Column headings do not appear to match DB tables when other requests are manipulated with HTML information.
- Cookies and web pages are not cached.

There was other stuff but I am a little drained to remember right now.

I have until Sunday to pop this, then my window closes. Anything can help at this point. I hate to lose.

Maudite.