From: Paul Melson (pmelson@gmail.com)
Date: Wed Feb 21 2007 - 14:38:20 EST
> We are doing a PT for one of our customers with 5 webservers. None of
these webservers have the website
> on the main url like http://xxx.xxx.xxx.xxx but they have confirmed that
they have critical applications
> running on all the 5 web servers and for security purposes they have moved
the websites to something
> like http://xxx.xxx.xxx.xxx/yyy.
That's a finding in and of itself. Security through obscurity might keep
automated scanners at bay, but it's akin to having an anonymous ftp server
running on port 24. It's still potentially vulnerable even though you have
to jump through extra hoops to find it.
> Now manually I guess it will take years to identify the correct URL having
the critical website by using
> guessing techniques. I was wondering if there is a tool that could try
various popular and brute force
> combinations to automatically guess the possible URLs.
Have you tried Google searches using 'site:client.dom' to see if possibly
these URLs are already floating around out there somewhere?
PaulM
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:35 EDT