PaulDotCom mailing list archives
party trick to shut up the non-believers
From: wesleymcgrew at gmail.com (Robert McGrew)
Date: Wed, 5 May 2010 08:31:08 -0500
On Mon, May 3, 2010 at 10:54 AM, Robin Wood <robin at digininja.org> wrote:
Hi

At a party the other day I was asked the normal question of what I do for a living. I said security and kept it a bit vague, but was pressed, so explained what pen-testing is and roughly what I do. I then got the challenge: prove it, prove you can hack a company. People would say to a dentist, "prove you can do a filling", but this person insisted they wanted a demo. I explained the legalities and finally fobbed them off and got away, but it got me thinking: has anyone got any good party tricks that they can pull in this kind of situation that give an instant wow but are easy to do and legal?

Not quite legal, but I was thinking if I knew any big sites with XSS I could rewrite, but none came to mind at that time.
I sent Robin a specific example of the below trick off-list, but there's no harm in going over the general idea on-list :)

I often show off early steps of the recon phase: information gathering from publicly available sources without sending any sort of weird traffic the target's way. This avoids doing anything illegal, and is more impressive to most than a contrived attack on my own stuff.

A favorite quick trick that I can do from anyone's computer is to find secret/obscure/forgotten areas of company web sites using Google. I start with a:

    site:example.com

...and start enumerating interesting subdomains by subtracting out common/uninteresting ones that show up in the results:

    site:example.com -site:www.example.com -site:pr.example.com

...and/or subtracting out pages that match the normal naming scheme, in order to find the unusual ones:

    site:example.com -intitle:"Example Technologies Inc."

Most of the time, I know of one or two current examples of companies that have secret (but mostly harmless) portions of their web presence. I'll do the demo with one of those that I know will work, and occasionally follow up with off-the-cuff searches on sites owned by folks I am talking to.

This is easy enough that people who aren't in the field can follow and understand exactly what you're doing, and you can follow it up with interesting war stories of things you've seen and done past this phase.

Overall, if you enjoy what you do and you like telling stories, it's pretty easy to catch people's interest talking about penetration testing.

--
Wesley McGrew
http://mcgrewsecurity.com
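A small offline simulation of the subtractive loop described in the message above, added here as an example (it is not code from the thread). The example.com hosts and page titles are a constructed inventory, and mock_search stands in for the search engine, including the result cap that lets common hosts crowd out forgotten ones; run the same loop over your own domain's inventory to spot hosts that should not be public.

```python
import shlex
from dataclasses import dataclass

@dataclass(frozen=True)
class Page:
    host: str
    title: str

# Constructed inventory of a hypothetical example.com web presence: the
# "normal" hosts share the corporate page title; two forgotten hosts do not.
INVENTORY = [
    Page("www.example.com", "Example Technologies Inc."),
    Page("www.example.com", "Example Technologies Inc."),
    Page("pr.example.com", "Example Technologies Inc."),
    Page("pr.example.com", "Example Technologies Inc."),
    Page("staging-old.example.com", "Index of /"),
    Page("intranet2009.example.com", "Login"),
]

def build_query(domain, excluded_hosts=(), excluded_title=None):
    """Compose the search string in the form the post uses."""
    parts = [f"site:{domain}"] + [f"-site:{h}" for h in sorted(excluded_hosts)]
    if excluded_title:
        parts.append(f'-intitle:"{excluded_title}"')
    return " ".join(parts)

def mock_search(query, pages=INVENTORY, limit=3):
    """Stand-in search engine: honours site:/-site:/-intitle: and, like a real
    engine, returns only the first `limit` hits, so common hosts crowd out the rest."""
    toks = shlex.split(query)  # shlex strips the quotes around the title
    include = [t[5:] for t in toks if t.startswith("site:")]
    skip_hosts = {t[6:] for t in toks if t.startswith("-site:")}
    skip_titles = {t[9:] for t in toks if t.startswith("-intitle:")}
    hits = [p for p in pages
            if any(p.host == d or p.host.endswith("." + d) for d in include)
            and p.host not in skip_hosts and p.title not in skip_titles]
    return hits[:limit]

def enumerate_hosts(domain, search=mock_search):
    """Repeat the post's loop: exclude every host seen so far and search again
    until a round turns up nothing new. Returns (hosts, queries_issued)."""
    seen, queries = set(), []
    while True:
        query = build_query(domain, seen)
        queries.append(query)
        new_hosts = {p.host for p in search(query)} - seen
        if not new_hosts:
            return seen, queries
        seen |= new_hosts
```

With the constructed inventory the loop needs three queries: the first returns only the two common hosts, the second (with both subtracted) surfaces the two forgotten ones, and the third comes back empty.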