Penetration Testing
mailing list archives
RE: Word lists, again...
From: "Barber, Chris" <cbarber () estgsecurity com>
Date: Thu, 24 May 2001 10:27:33 -0400
Another possible idea would be to talk with someone who develops and take a
look at one of their servers and do a dir/ls on the dirs for that machine,
especially a test or eval type server that includes sample scripts and such.
Just to add my $.02
Chris
-----Original Message-----
From: Philip Stoev [mailto:philip () stoev org]
Sent: Thursday, May 24, 2001 8:28 AM
To: Penetration Testers
Subject: Re: Word lists, again...
You can also try a dir *.exe on your own PATH, /bin, /usr/bin,
/usr/local/bin, /sbin, /usr/sbin, winnt, winnt/system32, and other such
directories. Then add those executables to your dictionary.
Sometimes people put weird things (ping.exe, traceroute.exe, notepad.exe,
cmd.exe, command.com, bash, sh, etc.) in their CGI-BIN folders for weird
purposes (such as testing if CGI execution actually works) and then forget
to clean up afterwards.
Philip
----- Original Message -----
From: "Alberto Grazi" <Alberto.Grazi () citria com>
To: <PEN-TEST () securityfocus com>
Sent: Wednesday, May 23, 2001 12:53 PM
Subject: Word lists, again...
Hi,
During a pen-test I have found a directory which probably has exec
permission.
Since I didn't have any file names (listing is not allowed), my
approach was to try a sort of "dictionary attack" on the URL.
I tried with a normal English dictionary but it didn't find anything
(each word was truncated to the 8th char and ".exe" was appended)...
Does anyone know if there is a list of common names of CGIs available
(for Unix and win platforms)?
Thx
Alberto
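
Philip's reply in this thread notes that system executables get left behind in CGI-BIN folders after testing. As an added example (not part of the thread), here is a defender-side audit of your own cgi-bin that flags files named like the ones in his list, and files that are byte-identical to a system binary even when renamed. The function names, directory layout and sample tree are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Names listed in the thread as things left behind in CGI-BIN folders.
RISKY_NAMES = {"ping.exe", "traceroute.exe", "notepad.exe", "cmd.exe",
               "command.com", "bash", "sh"}

def _digest(path):
    """SHA-256 of a file, or None if it is empty or unreadable."""
    try:
        data = path.read_bytes()
    except OSError:
        return None
    return hashlib.sha256(data).hexdigest() if data else None

def audit_cgi_dir(cgi_dir, system_dirs):
    """Return sorted (relative_path, reason) findings for cgi_dir."""
    known = {}
    for sysdir in system_dirs:
        for path in Path(sysdir).rglob("*"):
            known.setdefault(_digest(path), str(path))
    known.pop(None, None)  # drop directories, empty and unreadable entries
    findings = []
    for path in Path(cgi_dir).rglob("*"):
        rel = str(path.relative_to(cgi_dir))
        if path.is_file() and path.name.lower() in RISKY_NAMES:
            findings.append((rel, "name matches a system executable"))
        match = known.get(_digest(path))
        if match:
            findings.append((rel, "content identical to " + match))
    return sorted(findings)

def demo():
    """Audit a constructed sample tree (fake system dir plus fake cgi-bin)."""
    elf = b"\x7fELF constructed ping body"
    samples = {"sysbin/ping": elf, "cgi-bin/test-exec": elf,  # renamed copy
               "cgi-bin/CMD.EXE": b"MZ constructed stub",
               "cgi-bin/form.cgi": b"#!/usr/bin/perl\nprint 'ok';\n"}
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in samples.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(body)
        return audit_cgi_dir(Path(tmp, "cgi-bin"), [Path(tmp, "sysbin")])

if __name__ == "__main__":
    for finding in demo():
        print(*finding, sep=": ")
```

On a real host, call `audit_cgi_dir` with the web server's script directory and the system directories named in the thread (for example /bin and /usr/bin); the hash comparison catches copies that the name check alone would miss.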