Re: LAN pen test

From: Krugger (merc4krugger@gmail.com)
Date: Sun Dec 10 2006 - 16:52:05 EST


What I mean is that instead of trying to beat the system by technical
means, for example with a 0day instant remote exploit, it would be
more probable to get in through a study of how they have built
security.

Examples:

- Is the root/administrator password shared among certain users? Can
you call the sysadmin, say you are Mr. XYZ and need to install an
application. Would he give you the password?
- The other way around: you pose as the administrator and ask for the
password because you accidentally deleted his entry from the database.
- Basically, is there a process in place for users to retrieve their lost
password? Do you have to show ID or can you just reset any
account?
- Any default public accounts?
- Is there a password policy? Do they change? Do you have to have 5
letters and 3 numbers? Everything that narrows down the search is good
news.
- How does the backup work? Does it back up everything, including password files?
- Physical security.
    - Can you just walk inside?
    - Are there network cables accessible to you?
etc, etc, etc...

What I am trying to show you is that there is a reason why so many
effective hacks are made by insiders. It is because you know how
something works that it is easier to hack into.

Basically what you are looking for is just the smallest entry point;
you don't have to get root straight away. That is usually well
protected, but if you have a foothold you have somewhere to work
from.

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:26 EDT