Penetration Testing: RE: Word lists, again...

["R. DuFresne" <dufresne () sysinfo com>]

This URL brings one to a sweet listing such as:

 admin.php3
   admin
   administrators.pwd
   adminlogin
   admin-serv
   adpassword.txt
   af.cgi|   exploit (perl)
   aglimpse
   Album
   allmanage.pl
   amadmin.pl|   exploit (html form)
   apexec.pl
   AT-generate.cgi|   exploit (html form)
   admin-serv
   auctionweaver.pl|   exploit (perl)
   authors.pwd
   bb-hist.sh
   bb-hostsvc.sh
   bb-histlog.sh


Now, being I read and speak english, where at this site is the tool in
question, as the other pages for this site seem to not be english based.

Thanks,

Ron DuFresne

On Wed, 23 May 2001, Chris Tobkin wrote:

> Yep, whisker has a pretty good database, but I just found this one
> yesterday..
> http://www.ukrt.f2s.com/bugs.htm
>
> Which has a pretty good and complete list of all sorts of CGIs and
> vulnerabilities I've never seen before..
>
> // Chris
> tobkin () intersec com
>
> -----Original Message-----
> From: H D Moore [mailto:hdm () secureaustin com]
> Sent: Wednesday, May 23, 2001 8:11 PM
> To: Alberto Grazi; PEN-TEST () securityfocus com
> Subject: Re: Word lists, again...
>
>
> The database which comes with Whisker is fairly complete, albiet the 
> vulnerability checks are outdated.  You can find a copy online at 
> http://www.wiretrip.net/rfp/
>
>
>
> On Wednesday 23 May 2001 04:53 am, Alberto Grazi wrote:
> > Hi,
> >   during a pen-test I have found a directory which probably has exec
> > permission.
> > Since I didn't have any name of files (listing is not allowed) my
> > approach was to try a sort of "dictionary attack" on the URL.
> > I tried with a normal English dictionary but it didn't find anything
> > (each word was truncated to the 8th char and ".exe" was appended)...
> > does anyone know if there is a list of common names of CGIs available
> > (for Unix and win platforms) ?
> >
> > Thx
> >
> > Alberto
> ----------------------------------------
> Content-Type: application/x-pkcs7-signature; charset="iso-8859-1"; 
> name="smime.p7s"
> Content-Transfer-Encoding: base64
> Content-Description: 
> ----------------------------------------
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior consultant:  darkstar.sysinfo.com
                  http://darkstar.sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!