Re: Penetration test of 1 IP address

From: Packet Man (packetman@altsec.info)
Date: Thu Feb 09 2006 - 11:30:52 EST


Edmond Chow wrote:
>
>
> To all:
>
> I have been asked to perform a security audit of 1 IP address for a client.
> They have given me the 1 IP address and a clue (webblaze).
>
> If I enter the IP address and then /webblaze, I am taken to a login page
> (user name and password requested).
>
> What tools would you recommend that I use for this assignment?
>

I'm going to give you a bit of a different perspective on
this, in addition to the fine technical advice I'm sure you
will get from the many wizards in the forum here.

First, I recommend that in the beginning, you think more like
a detective, and less like a hacker. Learn everything you
can about what few clues you have.

Who owns the IP? (whois -h whois.arin.net <ip address>)

What domain is it? (nslookup <ip address>)

Then, what can you find out about the owners? (whois <domain.name>)

What can you find out about the owners and their networks?

Google for their names, their networks, the ip address, and
any bit of information you retrieve along the way.

Check any websites the owners or their service providers
have for clues.

Don't forget to search "newsgroups" on Google, not just
the "Web".

During this investigation, use your tools to gather more
clues. Try to identify the operating system of the IP.
Try to identify the application software available on
any open ports.

Each time you learn something new, go back to Google
and start searching.

IMPORTANT: What the client expects you to do and a
release of liability MUST be clearly outlined BEFORE you
do any targeting of the ip address. For example, if
they haven't said you can pound them with Nessus and
other scans/exploits and you crash a million dollar
server in production - LOOK OUT!!!! Get written
tasking and a signed release.

Now, just one look at "webblaze" from Google told me
this. Your ip address is probably a webserver with
"CT Summation WebBlaze" which is a "Web-based litigation
support application", and the client is most likely
a law firm.

Get the idea?

Information security is sometimes a lot like Columbo or
Sherlock Holmes. Then, it turns into hacking.

-- 
Excellence in InfoSec and Linux
http://www.altsec.info


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:28 EDT