Re: Penetration test of 1 IP address

From: Ivan Arce (ivan.arce@coresecurity.com)
Date: Tue Feb 14 2006 - 16:19:16 EST


It's probably too late to add anything new (sorry, I have not read the
entire thread) but here's what I'd do:

1- search for "webblaze" on Google
Results show you are likely facing a web app from "CT Summation" aimed
at law firms and/or firms concerned with legal litigation.

2- check CT Summation's web page, check the product brochure, etc.
Results show that "WebBlaze" runs on win2k or win2003 servers, it
requires IIS 5.0 or above, the .NET framework 1.1 (so it's possibly
written in ASP.NET), also MDAC 2.7, MS XML 3.0, IE 6.0 and that clients
should have IE 5.5 or above with relaxed ActiveX security settings for a
specific webblaze component to work; backend integration probably
requires a specific domain account for the application to use...

3- Verify if any or all of the above applies to the particular IP
address you have.

If yes...

4- From 2 and 3 you can derive a good set of plausible attack vectors,
including using XSS bugs to obtain valid credentials from legitimate
users (due to the nice ActiveX relaxation)

5- With all the above information in mind, now use whatever tools you
deem useful... nmap is certainly one of them, a web vuln scanner is
another one, exploit code for specific bugs in the identified
technologies will be useful: generic win2k/win2003 server bugs, IIS 5.0
bugs, etc.

hope that helps,

-ivan

Edmond Chow wrote:
>
>
> To all:
>
> I have been asked to perform a security audit of 1 IP address for a client.
> They have given me the 1 IP address and a clue (webblaze).
>
> If I enter the IP address and then /webblaze, I am taken to a login page
> (user name and password requested).
>
> What tools would you recommend that I use for this assignment?
>
> Thanks for your help.
>
> Regards,
>
>
> Edmond
>
>
> ------------------------------------------------------------------------------
> Audit your website security with Acunetix Web Vulnerability Scanner:
>
> Hackers are concentrating their efforts on attacking applications on your
> website. Up to 75% of cyber attacks are launched on shopping carts, forms,
> login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
> futile against web application hacking. Check your website for vulnerabilities
> to SQL injection, Cross site scripting and other web attacks before hackers do!
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> -------------------------------------------------------------------------------
>

-- 
---
"Buy the ticket, take the ride" -HST
Ivan Arce
CTO
CORE SECURITY TECHNOLOGIES
http://www.coresecurity.com
PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836  B25D 207B E78E 2AD1 F65A


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:31 EDT