RE: Penetration test of 1 IP address



Bob,
Edmond,

On the "non-destructive test" part, keep in mind to state in the document
that you are in no way liable for a service crashing due to an exploit.
After all, it could very well happen and would be non-intentional. State
that you will do your very best to ensure the operations of the server(s)
will not be hampered but foresee the worst case scenario.

When dealing with Murphy, put the odds in your favour.
I guess that goes for Darwin as well, but that's a different kind of
discussion altogether ;-)

Kind regards,

Roger


On Thu, February 9, 2006 5:37 am, Bob Radvanovsky said:
Did you say "Webblaze"? This is what I've found:
http://info.summation.com/products/PF_webblaze.htm Litigation software???
Hmmmm...Windows-based software
(http://info.summation.com/products/SP_webblaze_specs.htm)...

Did your "login" look anything like this?
URL:
http://precise.precisepresentations.com/WebBlaze/Login.aspx?ReturnUrl=%2FWebBlaze%2FIndex.aspx

When in doubt...GOOGLE IT!!! 8)))

ONE WORD OF CAUTION...since this system might be used for legal purposes,
get something in writing that allows you to conduct what is called a
"non-destructive test" and MAKE SURE that you DON'T *DESTROY* their
system!

r

DISCLAIMER: I only did a lookup about the product mentioned...nothing
more. ;))

----- Original Message -----
From: Larry Chin [mailto:casslin@xxxxxxxxxxxx]
To: 'Edmond Chow' [mailto:echow@xxxxxxxxxxxx], 'Michael Gargiullo'
[mailto:mgargiullo@xxxxxxxxx], pen-test@xxxxxxxxxxxxxxxxx
Subject: RE: Penetration test of 1 IP address


Could try http://www.accessdiver.com for starters.

Wikto (http://www.sensepost.com/research/wikto/) to scan the website

You could try nmap'ing the IP address, maybe a web server isn't the only
thing running there.

Just a couple of thoughts

-----Original Message-----
From: Edmond Chow [mailto:echow@xxxxxxxxxxxx]
Sent: Wednesday, February 08, 2006 1:45 AM
To: 'Michael Gargiullo'; pen-test@xxxxxxxxxxxxxxxxx
Cc: 'Edmond Chow'
Subject: RE: Penetration test of 1 IP address




To all:

I have been asked to perform a security audit of 1 IP address for
client.
They have given me the 1 IP address and a clue (webblaze).

If I enter the IP address and then /webblaze, I am taken to a login page
(user name and password requested).

What tools would you recommend that I use for this assignment?

Thanks for your help.

Regards,


Edmond


----------------------------------------------------------------------------
--
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on
your
website. Up to 75% of cyber attacks are launched on shopping carts,
forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers
are

futile against web application hacking. Check your website for
vulnerabilities
to SQL injection, Cross site scripting and other web attacks before
hackers
do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
----------------------------------------------------------------------------
---


------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on
your
website. Up to 75% of cyber attacks are launched on shopping carts,
forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers
are

futile against web application hacking. Check your website for
vulnerabilities
to SQL injection, Cross site scripting and other web attacks before
hackers
do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------



------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers
are
futile against web application hacking. Check your website for
vulnerabilities
to SQL injection, Cross site scripting and other web attacks before
hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------




--
Life is 10 percent what you make it and 90 percent how you take it. -
Irving Berlin


------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------



Relevant Pages

  • Re: Qualys
    ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Hackers are concentrating their efforts on attacking applications on ... Up to 75% of cyber attacks are launched on shopping carts, ...
    (Pen-Test)
  • RE: Pre-Scanning for Marketing
    ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Hackers are concentrating their efforts on attacking applications on your ... Up to 75% of cyber attacks are launched on shopping carts, forms, ...
    (Pen-Test)
  • Re: Qualys
    ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Hackers are concentrating their efforts on attacking applications on ... Up to 75% of cyber attacks are launched on shopping carts, ...
    (Pen-Test)
  • RE: New article on SecurityFocus (.WMF Vuln)
    ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Hackers are concentrating their efforts on attacking applications on ... Up to 75% of cyber attacks are launched on shopping carts, ...
    (Pen-Test)
  • Re: Penetration test of 1 IP address
    ... > Audit your website security with Acunetix Web Vulnerability Scanner: ... > Hackers are concentrating their efforts on attacking applications on ... Up to 75% of cyber attacks are launched on shopping ...
    (Pen-Test)