Because surely nobody would want to both have a secure system and check
for this kind of thing remotely? It's all great to log in and take a
look, but if you have 1000 systems, that becomes a waste of time.
If the RIAA had used this kind of simple scanner on their systems they
wouldn't have gotten hacked last week.
Dave Aitel
Immunity, Inc.
On Wed, 8 Jan 2003 17:51:51 -0800
"Nelson Sampaio Araujo Junior" <nelson_at_lunenetworks.com.br> wrote:
> Well,
>
> That sounds like you're not doing something legal with it. If you are the
> owner of the server/system, just dir or list them. Another hint is
> that if the administrator has disabled the Index option, it's probably
> because you can't do it (legally speaking).
>
> - Nelson
>
> ----- Original Message -----
> From: <backed.up.by.2048.bit.encryption_at_hushmail.com>
> To: <sullo_at_cirt.net>
> Cc: <webappsec_at_securityfocus.com>; <vuln-dev_at_securityfocus.com>
> Sent: Wednesday, January 08, 2003 3:22 PM
> Subject: Re: Website "Scanner"
>
>
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> >
> >
> >
> > On Wed, 08 Jan 2003 14:21:16 -0800 sullo_at_cirt.net wrote:
> >
> > >2) take all the files and mix them with all the directories from
> > >the scan database, so that:
> > > /dir1/file1.html
> > > /dir2/file2.html
> > > /dir3/file3.html
> > > turns into requests for
> > > /dir1/file1.html
> > > /dir1/file2.html
> > > /dir1/file3.html
> > > /dir2/file1.html
> > > /dir2/file2.html
> > > /dir2/file3.html
> > > /dir3/file1.html
> > > /dir3/file2.html
> > > /dir3/file3.html
> > >
> >
> >
> > Yes, this is more the idea. We are not looking for vulns. or xploits,
> > rather trying to intelligently "guess" what else is in that directory.
> > Either through dictionary use or other use. For example the following
> > is publicly accessible:
> >
> > http://www.microsoft.com/new_products/bigwinner2003.html
> >
> > We want to find out what else might be in "new_products" so we plug
> > in say the words "big" "winner" "2003" and let our dictionary spin:
> >
> > biggerwinner2003.html - nothing
> > bigloser2002.html - hit
> >
> > etc.
> >
> > Combining the dictionary and words from a specific site or files
> > visible publicly, we try to guess the names of whatever else might be
> > in that directory.
> >
> > You can do this manually with small time sites and obvious file
> > names e.g. index1.html...index2.html etc. Even annualreport2002.html
> > is visible, try annualreport.2003.html
> >
> > You can guess and hit on files that are not intended for public
> > consumption.
> >
> > If it can be automated with user input for obvious keywords, you
> > probably could strike many interesting and sensitive files in the
> > directory.
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: Hush 2.2 (Java)
> > Note: This signature can be verified at
> > https://www.hushtools.com/verify
> >
> > wnUEARECADUFAj4csi8uHGJhY2tlZC51cC5ieS4yMDQ4LmJpdC5lbmNyeXB0aW9uQGh1
> > c2htYWlsLmNvbQAKCRDEHQGvBp4eRGE4AJ4joBLhRlZYcBX7sxnOmgYPfbtYOgCfUFun
> > Y0PA+csb++5g+pM+c/0Bkok=
> > =SFPk
> > -----END PGP SIGNATURE-----
> >
>
>
Received on Jan 10 2003
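The guessing scheme the thread is circling, sullo's "mix every directory with every file" and the hushmail poster's "let the dictionary spin", written out as an added Python example. This is not code from anyone in the thread. The substitution dictionary, the two "known" paths and the offline site map are constructed for the demo; `probe()` defaults to real HEAD requests through urllib but is fed a fake responder here so the block runs without a network.

```python
"""Filename-guessing candidate generator and prober (added example).
Combines two ideas from the thread: cross every known directory with
every known filename, and split each known name into words so a
dictionary can substitute alternatives ("big" -> "bigger", "2003" -> "2002").
DICTIONARY, KNOWN and FAKE_SITE are constructed for this demo."""
import itertools
import posixpath
import re
import secrets
from urllib.error import HTTPError, URLError
from urllib.parse import urlsplit
from urllib.request import Request, urlopen

# Constructed substitution dictionary: token -> alternatives to try in its place.
DICTIONARY = {
    "big": ["bigger", "biggest", "small"],
    "winner": ["loser", "winners", "losers"],
    "annual": ["quarterly"],
    "report": ["reports", "results"],
    "2002": ["2001", "2003"],
    "2003": ["2001", "2002", "2004"],
}
# Statuses that confirm a name exists; 401/403 confirm the path but not the content.
HITS = {200, 401, 403}

def segment(word):
    """Split a letter run at dictionary words ("bigwinner" -> ["big", "winner"]).
    Longest dictionary prefix wins; stretches with no dictionary word stay whole."""
    out, i = [], 0
    while i < len(word):
        match = next((word[i:j] for j in range(len(word), i, -1)
                      if word[i:j] in DICTIONARY), None)
        if match:
            out.append(match)
            i += len(match)
        else:
            j = i + 1
            while j < len(word) and not any(word[j:k] in DICTIONARY
                                            for k in range(len(word), j, -1)):
                j += 1
            out.append(word[i:j])
            i = j
    return out

def tokenize(stem):
    """Break a file stem into letter and digit runs, then segment the letter runs."""
    tokens = []
    for run in re.findall(r"[a-z]+|\d+", stem.lower()):
        tokens.extend([run] if run.isdigit() else segment(run))
    return tokens

def mutate(filename):
    """Yield every filename reachable by swapping tokens for dictionary alternatives.
    The count is the product of the per-token option counts, so keep the dictionary
    targeted at the site's own vocabulary."""
    stem, ext = posixpath.splitext(filename)
    options = [[t] + DICTIONARY.get(t, []) for t in tokenize(stem)]
    for combo in itertools.product(*options):
        cand = "".join(combo) + ext
        if cand != filename:
            yield cand

def candidates(known_paths):
    """Known directories x (known filenames + their mutations), minus what is known."""
    dirs = {posixpath.dirname(p) for p in known_paths}
    files = {posixpath.basename(p) for p in known_paths}
    files |= {m for f in list(files) for m in mutate(f)}
    return sorted({posixpath.join(d, f) for d, f in itertools.product(dirs, files)}
                  - set(known_paths))

def probe(base, paths, fetch=None, timeout=5):
    """Return the candidate paths the server confirms. `fetch(url)` returns an HTTP
    status (None on connection failure); the default sends a real HEAD request."""
    def default_fetch(url):
        try:
            with urlopen(Request(url, method="HEAD"), timeout=timeout) as resp:
                return resp.status
        except HTTPError as err:
            return err.code
        except URLError:
            return None
    fetch = fetch or default_fetch
    base = base.rstrip("/")
    # Soft-404 check: if a random name is "found", every guess would be a hit.
    if fetch(base + "/" + secrets.token_hex(8) + ".html") in HITS:
        raise RuntimeError("server answers success for nonexistent paths; refusing to guess")
    return [p for p in paths if fetch(base + p) in HITS]

# Constructed demo input: what a crawl already showed us ...
KNOWN = ["/new_products/bigwinner2003.html", "/investors/annualreport2002.html"]
# ... and a constructed offline site map standing in for the real server.
FAKE_SITE = {
    "/new_products/bigwinner2003.html", "/new_products/bigloser2002.html",
    "/investors/annualreport2002.html", "/investors/annualreport2003.html",
    "/investors/quarterlyresults2003.html", "/investors/bigwinner2003.html",
}

def fake_fetch(url):
    return 200 if urlsplit(url).path in FAKE_SITE else 404

def run_demo():
    """Guess against the fake site; returns the four unlisted files it turns up."""
    return probe("http://www.example.com", candidates(KNOWN), fetch=fake_fetch)

if __name__ == "__main__":
    for hit in run_demo():
        print("hit:", hit)
```

Two points worth noting before pointing this at a real host. The candidate list is the product of directories and filename variants (162 requests from just two known paths and a six-entry dictionary here), so the dictionary should be built from the site's own vocabulary rather than a generic wordlist. And a server that answers 200 for any path would make every guess a "hit", which is why `probe()` requests a random canary first and refuses to continue if that is found.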