WebApp Sec mailing list archives

Re: Website "Scanner"

From: backed.up.by.2048.bit.encryption () hushmail com
Date: Wed, 8 Jan 2003 15:22:04 -0800


-----BEGIN PGP SIGNED MESSAGE-----



On Wed, 08 Jan 2003 14:21:16 -0800 sullo () cirt net wrote:

2) take all the files an mix them with all the directories from
the scan
database, so that:
 /dir1/file1.html
 /dir2/file2.html
 /dir3/file3.html
turns into requests for
 /dir1/file1.html
 /dir1/file2.html
 /dir1/file3.html
 /dir2/file1.html
 /dir2/file2.html
 /dir2/file3.html
 /dir3/file1.html
 /dir3/file2.html
 /dir3/file3.html



Yes, this is more the idea.  We are not looking for vulns. or xploits, rather trying to intelligently "guess" what else 
is in that directory. Either through dictionary use or other use. For example the following is publicly accessible:

http://www.microsoft.com/new_products/bigwinner2003.html

We want to find out what else might be in "new_products" so we plug in say the words "big" "winner" "2003" and let our 
dictionary spin:

 biggerwinner2003.html - nothing
 bigloser2002.html - hit

etc.

Combining the dictionary and words from a specific site or files visible publicly, we try to guess the names of 
whatever else might be in that directory.

You can do this manually with small time sites and obvious file names e.g. index1.html...index2.html etc. Even 
annualreport2002.html is visible, try annualreport.2003.html

You can guess and hit on files that are not intended for public consumption.

If it can be automated with user input for obvious keywords, you probably could strike many interesting and sensitive 
files in the directory.

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify

wnUEARECADUFAj4csi8uHGJhY2tlZC51cC5ieS4yMDQ4LmJpdC5lbmNyeXB0aW9uQGh1
c2htYWlsLmNvbQAKCRDEHQGvBp4eRGE4AJ4joBLhRlZYcBX7sxnOmgYPfbtYOgCfUFun
Y0PA+csb++5g+pM+c/0Bkok=
=SFPk
-----END PGP SIGNATURE-----




Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2 

Big $$$ to be made with the HushMail Affiliate Program: 
https://www.hushmail.com/about.php?subloc=affiliate&l=427

Current thread:

RE: Website "Scanner", (continued)
- RE: Website "Scanner" Nelson Sampaio Araujo Junior (Jan 08)
- Re: Website "Scanner" Chris Reining (Jan 08)
- Re: Website "Scanner" Nicolas Waisman (Jan 11)
- RE: Website "Scanner" Chris Neppes (Jan 08)
- RE: Website "Scanner" Zimin, Alex (Jan 08)
- Re: Website "Scanner" Joris De Donder (Jan 08)
- RE: Website "Scanner" backed . up . by . 2048 . bit . encryption (Jan 08)
  - RE: Website "Scanner" glyng (Jan 08)
    - Re: Website "Scanner" Kurt Seifried (Jan 08)
    - Re: Website "Scanner" sullo (Jan 09)
- Re: Website "Scanner" backed . up . by . 2048 . bit . encryption (Jan 08)
  - Re: Website "Scanner" Nelson Sampaio Araujo Junior (Jan 09)
    - Re: Website "Scanner" Chris Wysopal (Jan 09)
    - Re: Website "Scanner" Mary Landesman (Jan 21)
    - Re: Website "Scanner" Dave Aitel (Jan 09)
    - Re: Website "Scanner" Kevin Spett (Jan 11)
    - RE: Website "Scanner" glyn (Jan 10)
    - Re: Website "Scanner" Todd Charron (Jan 11)
  - RE: Website "Scanner" Ian Griffiths (Jan 11)
  - Re: Website "Scanner" Mike Shaw (Jan 21)
- Re: Website "Scanner" Pig Monkey (Jan 09)

(Thread continues...)