RE: Penetration test of 1 IP address
- From: "Levenglick, Jeff" <JLevenglick@xxxxxxxxxxx>
- Date: Thu, 9 Feb 2006 11:31:02 -0500
That's right.. Legal software. I wonder what would happen if this person
was not legit and
The company found out that all of the people on this list helped him?
Or better yet. (as I stated before) This person does not have the
background or knowledge to give this company
A 'real' security audit. This is VERY important. If he were to tell them
that they are ok and something bad happened, we
Would end up where most people feel right now. (that most IT positions
are just paper or fly-by-night)
If you are real, you should take classes or read books. All of us can
point you to web sites, but that does not explain how
To use the software or even the concept of pen testing.
-----Original Message-----
From: Bob Radvanovsky [mailto:rsradvan@xxxxxxxxxxxxx]
Sent: Wednesday, February 08, 2006 11:37 PM
To: Larry Chin; 'Edmond Chow'; 'Michael Gargiullo';
pen-test@xxxxxxxxxxxxxxxxx
Subject: RE: Penetration test of 1 IP address
Did you say "Webblaze"? This is what I've found:
http://info.summation.com/products/PF_webblaze.htm Litigation
software??? Hmmmm...Windows-based software
(http://info.summation.com/products/SP_webblaze_specs.htm)...
Did your "login" look anything like this?
URL:
http://precise.precisepresentations.com/WebBlaze/Login.aspx?ReturnUrl=%2
FWebBlaze%2FIndex.aspx
When in doubt...GOOGLE IT!!! 8)))
ONE WORD OF CAUTION...since this system might be used for legal
purposes, get something in writing that allows you to conduct what is
called a "non-destructive test" and MAKE SURE that you DON'T *DESTROY*
their system!
r
DISCLAIMER: I only did a lookup about the product mentioned...nothing
more. ;))
----- Original Message -----
From: Larry Chin [mailto:casslin@xxxxxxxxxxxx]
To: 'Edmond Chow' [mailto:echow@xxxxxxxxxxxx], 'Michael Gargiullo'
[mailto:mgargiullo@xxxxxxxxx], pen-test@xxxxxxxxxxxxxxxxx
Subject: RE: Penetration test of 1 IP address
Could try http://www.accessdiver.com for starters.client.
Wikto (http://www.sensepost.com/research/wikto/) to scan the website
You could try nmap'ing the IP address, maybe a web server isn't the
only thing running there.
Just a couple of thoughts
-----Original Message-----
From: Edmond Chow [mailto:echow@xxxxxxxxxxxx]
Sent: Wednesday, February 08, 2006 1:45 AM
To: 'Michael Gargiullo'; pen-test@xxxxxxxxxxxxxxxxx
Cc: 'Edmond Chow'
Subject: RE: Penetration test of 1 IP address
To all:
I have been asked to perform a security audit of 1 IP address for
They have given me the 1 IP address and a clue (webblaze).
If I enter the IP address and then /webblaze, I am taken to a login
page (user name and password requested).
What tools would you recommend that I use for this assignment?
Thanks for your help.
Regards,
Edmond
----------------------------------------------------------------------
------
--
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on
your website. Up to 75% of cyber attacks are launched on shopping
carts, forms, login pages, dynamic content etc. Firewalls, SSL and
locked-down servers are
futile against web application hacking. Check your website for
vulnerabilities to SQL injection, Cross site scripting and other web
attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
----------------------------------------------------------------------
------
---
----------------------------------------------------------------------
-------- Audit your website security with Acunetix Web Vulnerability
Scanner:
Hackers are concentrating their efforts on attacking applications on
your website. Up to 75% of cyber attacks are launched on shopping
carts, forms, login pages, dynamic content etc. Firewalls, SSL and
locked-down servers are
futile against web application hacking. Check your website for
vulnerabilities to SQL injection, Cross site scripting and other web
attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
----------------------------------------------------------------------
---------
------------------------------------------------------------------------
------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on
your website. Up to 75% of cyber attacks are launched on shopping carts,
forms, login pages, dynamic content etc. Firewalls, SSL and locked-down
servers are futile against web application hacking. Check your website
for vulnerabilities to SQL injection, Cross site scripting and other web
attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
------------------------------------------------------------------------
-------
-----------------------------------------
This e-mail message is private and may contain confidential or
privileged information.
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
- Prev by Date: Re: Penetration test of 1 IP address
- Next by Date: RE: Rainbow Tables
- Previous by thread: RE: Penetration test of 1 IP address
- Next by thread: Fwd: Penetration test of 1 IP address
- Index(es):
Relevant Pages
|
