Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Website detection

From: "Paul Melson" <pmelson () gmail com>
Date: Wed, 21 Feb 2007 14:38:20 -0500
We are doing a PT for one of our customers with 5 webservers. None of

these webservers have the website 

on the main url like http://xxx.xxx.xxx.xxx but they have confirmed that

they have critical applications 

running on all the 5 web servers and for security purposes they have moved

the websites to something 

like http://xxx.xxx.xxx.xxx/yyy.


That's a finding in and of itself.  Security through obscurity might keep
automated scanners at bay, but it's akin to having an anonymous ftp server
running on port 24.  It's still potentially vulnerable even though you have
to jump through extra hoops to find it.


Now manually I guess it will take years to identify the correct URL having

the critical website by using 

guessing techniques. I was wondering if there is a tool that could try

various popular and brute force 

combinations to automatically guess the possible URLs.


Have you tried Google searches using 'site:client.dom' to see if possibly
these URLs are already floating around out there somewhere?

PaulM


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: