Help with web app pen test

From: devoid@hush.com
Date: Sun Feb 09 2003 - 18:56:44 EST


List members;

Currently I'm performing an external pen test on two web applications. I was wondering if I could get a little encouragement and possibly some assistance.

The apps are PlanWeb and PlanHR by Pyramid Digital Solutions. The box the apps reside on is WinNT 4.0 running IIS 4 sitting behind a firewall. The only open ports are 80 and 443. Going to port 80 gives a big fat "403.4 Forbidden: SSL required" page. I've hammered the site with Nikto on both port 80 and 443. The only thing I get are XSS and the new XSS trace hits from the libwhisker Perl module. (Yeah, I'm using the latest LW.pm.)

The cookie comes back as Siteserver=biglonghashedtypedealhere. I got a couple thousand of them and looked for similarities, or patterns better yet, but found none. (Manual process; if I had found an automated tool for looking at similarities, perhaps my luck would have been better.)

So far I haven't had much luck at all. Everything done in the app goes to an exe file. The URL looks like this: https://pen-test.server.com/directory/file.exe?. I've tried appending all sorts of goodness to the end of the URL. No luck. I did manage to get into the application with a default username and password combo. I simply replaced the file.exe with file.ini and IIS let me download said ini file, which contained a default user id and password. I'm going through the app trying to find any way to upload to the server. There are a host of forms in the application but none look like they will allow me to write a file.

Part of the app is a backend SQL box. I'm going to try some SQL injection through the application's forms, but I'm confident it's going to fail. I hammered the developers with that in the last test.

Anyway, I was just curious if there was something new that I've been missing. Any suggestions would be greatly appreciated.

Thanks.

devoid
