WebApp Sec mailing list archives
RE: Website "Scanner"
From: <glyn () corsaire com>
Date: Thu, 9 Jan 2003 13:47:32 -0000
I think we're safely in the realms of "authorised security assessments" here. Typically, part of an assessment will be to determine how much information an unprivileged attacker may gather from a site, for example using cgi-scanners or dictionary orientated attacks.
-----Original Message-----
From: Nelson Sampaio Araujo Junior [mailto:nelson () lunenetworks com br]
Sent: 09 January 2003 01:52
To: sullo () cirt net; backed.up.by.2048.bit.encryption () hushmail com
Cc: webappsec () securityfocus com; vuln-dev () securityfocus com
Subject: Re: Website "Scanner"

Well,

That sounds like you're not doing something legal with it. If you are the owner of the server/system, just dir or list them.

Another hint is that if the administrator has disabled the Index option, it's probably because you can't do it (legally speaking).

- Nelson

----- Original Message -----
From: <backed.up.by.2048.bit.encryption () hushmail com>
To: <sullo () cirt net>
Cc: <webappsec () securityfocus com>; <vuln-dev () securityfocus com>
Sent: Wednesday, January 08, 2003 3:22 PM
Subject: Re: Website "Scanner"

On Wed, 08 Jan 2003 14:21:16 -0800 sullo () cirt net wrote:

> 2) take all the files and mix them with all the directories from the
> scan database, so that:
> /dir1/file1.html
> /dir2/file2.html
> /dir3/file3.html
> turns into requests for
> /dir1/file1.html
> /dir1/file2.html
> /dir1/file3.html
> /dir2/file1.html
> /dir2/file2.html
> /dir2/file3.html
> /dir3/file1.html
> /dir3/file2.html
> /dir3/file3.html

Yes, this is more the idea. We are not looking for vulns. or xploits, rather trying to intelligently "guess" what else is in that directory. Either through dictionary use or other use. For example the following is publicly accessible:

http://www.microsoft.com/new_products/bigwinner2003.html

We want to find out what else might be in "new_products" so we plug in say the words "big" "winner" "2003" and let our dictionary spin:

biggerwinner2003.html - nothing
bigloser2002.html - hit
etc.

Combining the dictionary and words from a specific site or files visible publicly, we try to guess the names of whatever else might be in that directory.

You can do this manually with small time sites and obvious file names e.g. index1.html...index2.html etc. Even annualreport2002.html is visible, try annualreport.2003.html

You can guess and hit on files that are not intended for public consumption.

If it can be automated with user input for obvious keywords, you probably could strike many interesting and sensitive files in the directory.
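
Added example, not part of the original messages: a sketch of how a site owner could spot the name guessing described above in a web server access log, and see which guessed names returned content. The client addresses, log lines and thresholds are constructed assumptions; the file names reuse the ones in the thread.

```python
import re
from collections import defaultdict
from posixpath import dirname

# Constructed sample lines in Common Log Format (not taken from the thread).
SAMPLE_LOG = """\
192.0.2.10 - - [09/Jan/2003:10:00:01 +0000] "GET /new_products/bigwinner2003.html HTTP/1.0" 200 5120
192.0.2.10 - - [09/Jan/2003:10:00:02 +0000] "GET /new_products/biggerwinner2003.html HTTP/1.0" 404 210
192.0.2.10 - - [09/Jan/2003:10:00:02 +0000] "GET /new_products/bigloser2003.html HTTP/1.0" 404 210
192.0.2.10 - - [09/Jan/2003:10:00:03 +0000] "GET /new_products/bigwinner2002.html HTTP/1.0" 404 210
192.0.2.10 - - [09/Jan/2003:10:00:03 +0000] "GET /new_products/biggerloser2002.html HTTP/1.0" 404 210
192.0.2.10 - - [09/Jan/2003:10:00:04 +0000] "GET /new_products/bigloser2002.html HTTP/1.0" 200 4096
198.51.100.7 - - [09/Jan/2003:10:05:00 +0000] "GET /index.html HTTP/1.0" 200 1024
198.51.100.7 - - [09/Jan/2003:10:05:01 +0000] "GET /new_products/bigwinner2003.html HTTP/1.0" 200 5120
198.51.100.7 - - [09/Jan/2003:10:05:02 +0000] "GET /missing.gif HTTP/1.0" 404 210
"""

# client, request target and status code of a GET/HEAD request
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3})\b')


def find_name_guessing(log_text, min_misses=4, min_miss_ratio=0.6):
    """Return {(client, directory): {"misses": n, "hits": [paths]}} for clients
    whose requests into one directory are mostly 404s on distinct names.
    "hits" lists every path that did answer 2xx, so it can be checked for
    files that were never meant to be public."""
    seen = defaultdict(lambda: {"miss": set(), "hit": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, target, status = m.groups()
        path = target.split("?", 1)[0]  # ignore any query string
        bucket = seen[(client, dirname(path))]
        if status == "404":
            bucket["miss"].add(path)
        elif status.startswith("2"):
            bucket["hit"].add(path)
    findings = {}
    for key, b in seen.items():
        total = len(b["miss"]) + len(b["hit"])
        if len(b["miss"]) >= min_misses and len(b["miss"]) / total >= min_miss_ratio:
            findings[key] = {"misses": len(b["miss"]), "hits": sorted(b["hit"])}
    return findings
```

The thresholds are starting points to tune against normal traffic for the site; a real crawler following broken links will also produce 404s, but rarely many distinct sibling names in one directory.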