Re: Pentesting Webserver

From: Kish Pent (kish_pent@yahoo.com)
Date: Fri Nov 02 2007 - 07:31:13 EST


Hey Sherwyn,

You must use some documentation for the DB vendor.
Learn basic manipulation commands from some appendix,
preferably some David Litchfield Black Hat PPT/PDFs.

Then take a look at a tool like Absinthe, which can
automate the SQL injection finding, with required
input.

If you can use Absinthe to find an injection, then
nothing like it. Try testing, and verifying it a few
times, before you use SQL Ninja to compromise and get
back a shell.

All this is necessary if you cannot use SQL queries
and Unicode manually to test the server. This is a
good approach (for now), while you can develop your
skillset on at least 2 DBs, preferably Oracle and
MySQL.

Unless you understand the nitty-gritty details of what
happens in web-programming and processing, you will
not be able to penetrate the backend without tools ;)

Cheers :)
Kish

PS: As much as you concentrate on SQL injection, so
should you in XSS since it's equally/more dangerous.

--- sherwyn.williams@gmail.com wrote:

> Hello all,
>
> I am in the middle of a test, so far I found out
> ftp, among other things, allows anonymous login, but
> my main concern is looking for SQL injection points.
>
> I used Paros and found a point, I can enter
> something like anything' x' or x=x' for both the
> username and email field on the form and that would
> allow me to login as username admin, now I would
> like to know how can I use this to get a full list
> of accounts and what not to include in my report.
>
> I tried doing some queries of this nature from the
> web browser but I am not even getting an error
> message, ex http://test.com?email=code&password=code
>
> SQL is a new area for me so any and all help is
> needed.

<--------------------------->
Kishore, Penetration Tester
Smart Security, T.Nagar,
Chennai - 600 017
<--------------------------->
Phone: 91 98841 80767
<--------------------------->
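
Added example, not part of the original message: why quote-based input in the username and email fields logs in as admin when the form values are concatenated into the query, and a small retest that shows the parameterized form rejecting the same input. The schema, function names, sample rows and probe strings are constructed for illustration, and SQLite stands in for the unknown backend.

```python
import sqlite3

def make_db():
    # Constructed sample table; the real schema is not shown in the thread.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("admin", "admin@example.test"),
                    ("bob", "bob@example.test")])
    return db

def login_concat(db, username, email):
    # Vulnerable pattern: form values become part of the SQL text, so a
    # quote in the input ends the string literal and changes the WHERE clause.
    sql = ("SELECT username FROM users "
           "WHERE username = '%s' AND email = '%s'" % (username, email))
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def login_param(db, username, email):
    # Hardened pattern: placeholders keep the input as data, never as SQL.
    sql = "SELECT username FROM users WHERE username = ? AND email = ?"
    row = db.execute(sql, (username, email)).fetchone()
    return row[0] if row else None

# Constructed probes: a tautology in the style the thread describes, sent in
# both fields, and a lone quote that breaks the concatenated statement.
PROBES = [("x' OR 'x'='x", "x' OR 'x'='x"),
          ("'", "a@example.test")]

def retest(login_fn):
    """Return one verdict per probe: 'bypass', 'sql error' or 'rejected'."""
    db = make_db()
    verdicts = []
    for username, email in PROBES:
        try:
            user = login_fn(db, username, email)
            verdicts.append("bypass" if user else "rejected")
        except sqlite3.Error:
            # A database error on a lone quote is itself a reportable sign
            # that input reaches the SQL parser unescaped.
            verdicts.append("sql error")
    return verdicts

if __name__ == "__main__":
    print("concatenated :", retest(login_concat))
    print("parameterized:", retest(login_param))
```

With the concatenated query the WHERE clause is always true, so the first row in the table (admin here) is returned, which matches the behaviour described in the quoted message.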