Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Blind penetration testing
From: Andrew Simmons <andrew () zpok demon co uk>
Date: Thu, 04 Oct 2001 19:36:21 +0100

Ilici Ramirez wrote:

Some hints for reconnnaissance only:

1. review content of their web pages, download them
localy - look for names, emails, phone numbers, technologies
- search for scripts or asp included in html -
programming bugs, overflows, comments, etc.



I like to use ` wget --mirror www.target.tld ' to get a
local mirror of the site, which I can go through at my
leisure looking for interesting information.

Another good third party source of info is Netcraft; as
well as the HTTP server and OS (usually), they now show
uptime records which are interesting (target has recently
changed platform, target is IIS but has been up for over
a month... :)


Ilici R


\a

--
===( Andrew Simmons    PGP key: http://pgpkeys.mit.edu
===( Security, network and sys admin, Perl programming
===(      http://www.zpok.demon.co.uk/doc/cv.txt



----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]