Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Blind penetration testing
From: Andrew Simmons <andrew () zpok demon co uk>
Date: Thu, 04 Oct 2001 19:36:21 +0100

Ilici Ramirez wrote:

Some hints for reconnnaissance only:

1. review content of their web pages, download them
localy - look for names, emails, phone numbers, technologies
- search for scripts or asp included in html -
programming bugs, overflows, comments, etc.

I like to use ` wget --mirror www.target.tld ' to get a
local mirror of the site, which I can go through at my
leisure looking for interesting information.

Another good third party source of info is Netcraft; as
well as the HTTP server and OS (usually), they now show
uptime records which are interesting (target has recently
changed platform, target is IIS but has been up for over
a month... :)

Ilici R


===( Andrew Simmons    PGP key: http://pgpkeys.mit.edu
===( Security, network and sys admin, Perl programming
===(      http://www.zpok.demon.co.uk/doc/cv.txt

This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]