From: Ailton Caetano (guerrilha@gmail.com)
Date: Thu Feb 09 2006 - 09:53:50 EST
www.netcraft.com could also help
2006/2/9, Ailton Caetano <guerrilha@gmail.com>:
> Hi you all,
>
> Well, google told webblaze is a web aplication used by Law firms written in asp
> (its login page is login.aspx), so they must be running some version
> of IIS. Trying to access a non-existent folder could give you the web
> server's name and version. You should also look for some sql injection
> possibility on the login page...
>
>
>
>
>
> 2006/2/8, Dave <dlaud.flux@gmail.com>:
> >
> > >To all:
> > >
> > >I have been asked to perform a security audit of 1 IP address for client.
> > >They have given me the 1 IP address and a clue (webblaze).
> > >
> > >If I enter the IP address and then /webblaze, I am taken to a login page
> > >(user name and password requested).
> > >
> > >What tools would you recommend that I use for this assignment?
> > >
> > >
> > nmap and nessus will tell you more about the IP and what other services
> > are running that you might be able to exploit. If they just want you to
> > test the strength of the webpage login then possibly using Brutus will
> > reveal weak passwords etc... although this is generally a bad idea.
> > Right off hand, I cant look now, but webblaze may be a publicly
> > available script...download it and check the source for any possible
> > coding errors that could be exploited.
> >
> > >Thanks for your help.
> > >
> > >Regards,
> > >
> > >
> > >Edmond
> > >
> > >
> > good luck and take it easy,
> > dave
> >
> >
> > ------------------------------------------------------------------------------
> > Audit your website security with Acunetix Web Vulnerability Scanner:
> >
> > Hackers are concentrating their efforts on attacking applications on your
> > website. Up to 75% of cyber attacks are launched on shopping carts, forms,
> > login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
> > futile against web application hacking. Check your website for vulnerabilities
> > to SQL injection, Cross site scripting and other web attacks before hackers do!
> > Download Trial at:
> >
> > http://www.securityfocus.com/sponsor/pen-test_050831
> > -------------------------------------------------------------------------------
> >
> >
>
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:28 EDT