Re: Website "Scanner"

["Kevin Spett" <kspett () spidynamics com>]

> If the RIAA had used this kind of simple scanner on their systems they
> wouldn't have gotten hacked last week.

Sure they would have... But whoever hacked them would have to use the
vulnerability that the person who is going to hack them next week will use.
;)


Kevin Spett
SPI Labs
http://www.spidynamics.com/



> Dave Aitel
> Immunity, Inc.
>
>
> On Wed, 8 Jan 2003 17:51:51 -0800
> "Nelson Sampaio Araujo Junior" <nelson () lunenetworks com br> wrote:
>
> > Well,
> >
> > That sounds you're not doing something legal with it. If you are the
> > owner of the server/system, just dir or list them. Another hint is
> > that if the administrator has disabled the Index option, its probably
> > because you can't do it (legally speaking).
> >
> > - Nelson
> >
> > ----- Original Message -----
> > From: <backed.up.by.2048.bit.encryption () hushmail com>
> > To: <sullo () cirt net>
> > Cc: <webappsec () securityfocus com>; <vuln-dev () securityfocus com>
> > Sent: Wednesday, January 08, 2003 3:22 PM
> > Subject: Re: Website "Scanner"
> >
> >
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > >
> > >
> > >
> > > On Wed, 08 Jan 2003 14:21:16 -0800 sullo () cirt net wrote:
> > >
> > > > 2) take all the files an mix them with all the directories from
> > > > the scan
> > > > database, so that:
> > > >  /dir1/file1.html
> > > >  /dir2/file2.html
> > > >  /dir3/file3.html
> > > > turns into requests for
> > > >  /dir1/file1.html
> > > >  /dir1/file2.html
> > > >  /dir1/file3.html
> > > >  /dir2/file1.html
> > > >  /dir2/file2.html
> > > >  /dir2/file3.html
> > > >  /dir3/file1.html
> > > >  /dir3/file2.html
> > > >  /dir3/file3.html
> > >
> > >
> > > Yes, this is more the idea.  We are not looking for vulns. or
> > > xploits,
> > rather trying to intelligently "guess" what else is in that directory.
> > Either through dictionary use or other use. For example the following
> > is publicly accessible:
> > > http://www.microsoft.com/new_products/bigwinner2003.html
> > >
> > > We want to find out what else might be in "new_products" so we plug
> > > in say
> > the words "big" "winner" "2003" and let our dictionary spin:
> > >  biggerwinner2003.html - nothing
> > >  bigloser2002.html - hit
> > >
> > > etc.
> > >
> > > Combining the dictionary and words from a specific site or files
> > > visible
> > publicly, we try to guess the names of whatever else might be in that
> > directory.
> > > You can do this manually with small time sites and obvious file
> > > names e.g.
> > index1.html...index2.html etc. Even annualreport2002.html is visible,
> > try annualreport.2003.html
> > > You can guess and hit on files that are not intended for public
> > consumption.
> > > If it can be automated with user input for obvious keywords, you
> > > probably
> > could strike many interesting and sensitive files in the directory.
> > > -----BEGIN PGP SIGNATURE-----
> > > Version: Hush 2.2 (Java)
> > > Note: This signature can be verified at
> > > https://www.hushtools.com/verify
> > >
> > > wnUEARECADUFAj4csi8uHGJhY2tlZC51cC5ieS4yMDQ4LmJpdC5lbmNyeXB0aW9uQGh1
> > > c2htYWlsLmNvbQAKCRDEHQGvBp4eRGE4AJ4joBLhRlZYcBX7sxnOmgYPfbtYOgCfUFun
> > > Y0PA+csb++5g+pM+c/0Bkok=
> > > =SFPk
> > > -----END PGP SIGNATURE-----
> > >
> > >
> > >
> > >
> > > Concerned about your privacy? Follow this link to get
> > > FREE encrypted email: https://www.hushmail.com/?l=2
> > >
> > > Big $$$ to be made with the HushMail Affiliate Program:
> > > https://www.hushmail.com/about.php?subloc=affiliate&l=427