Penetration Testing mailing list archives

Re: Word lists, again...


From: "Philip Stoev" <philip () stoev org>
Date: Thu, 24 May 2001 15:28:06 +0300

You can also try a dir *.exe on your own PATH, /bin, /usr/bin,
/usr/local/bin, /sbin, /usr/sbin, winnt, winnt/system32, and other such
directories. Then add those executables to your dictionary.

Sometimes people put weird things (ping.exe, traceroute.exe, notepad.exe,
cmd.exe, command.com, bash, sh, etc.) in their CGI-BIN folders for weird
purposes (such as testing if CGI execution actually works) and then forget
to clean up afterwards.

Philip


----- Original Message -----
From: "Alberto Grazi" <Alberto.Grazi () citria com>
To: <PEN-TEST () securityfocus com>
Sent: Wednesday, May 23, 2001 12:53 PM
Subject: Word lists, again...


Hi,
  during a pen-test I have found a directory which probably has exec
permission.
Since I didn't have any file names (listing is not allowed), my
approach was to try a sort of "dictionary attack" on the URL.
I tried with a normal English dictionary but it didn't find anything
(each word was truncated to the 8th char and ".exe" was appended)...
does anyone know if there is a list of common names of CGIs available
(for Unix and win platforms)?

Thx

Alberto
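
Added example (not part of either message above): a defender-side audit for the leftover-binary problem Philip describes. It flags files in a CGI directory whose name matches a system executable, or whose content is a renamed copy of one. The function names and directory arguments are assumptions of this example.

```python
import hashlib
import os
import sys

# Names listed in the message above; matched case-insensitively.
KNOWN_LEFTOVERS = {"ping.exe", "traceroute.exe", "notepad.exe", "cmd.exe",
                   "command.com", "bash", "sh"}

def _sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def _regular_files(root):
    """Yield non-empty files under root (symlinked files are followed)."""
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if os.path.isfile(path) and os.path.getsize(path) > 0:
                yield path

def index_system_binaries(system_dirs):
    """Index system files by lowercase name and by content hash."""
    by_name, by_hash = {}, {}
    for d in system_dirs:
        for path in _regular_files(d):
            by_name.setdefault(os.path.basename(path).lower(), path)
            by_hash.setdefault(_sha256(path), path)
    return by_name, by_hash

def audit_cgi_dir(cgi_dir, system_dirs):
    """Return sorted (relative_path, reason) pairs for suspicious files."""
    by_name, by_hash = index_system_binaries(system_dirs)
    findings = []
    for path in _regular_files(cgi_dir):
        rel = os.path.relpath(path, cgi_dir)
        name = os.path.basename(path).lower()
        if name in KNOWN_LEFTOVERS or name in by_name:
            findings.append((rel, "name matches a system executable"))
        elif _sha256(path) in by_hash:
            findings.append((rel, "renamed copy of a system executable"))
    return sorted(findings)

if __name__ == "__main__":
    # Usage: audit.py CGI_DIR SYSTEM_DIR [SYSTEM_DIR ...]
    for rel, reason in audit_cgi_dir(sys.argv[1], sys.argv[2:]):
        print(f"{rel}: {reason}")
```

Run it with an account that can read both the CGI tree and the system directories. The hash comparison is what catches a shell or interpreter that was copied in under a harmless-looking name.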



