Re: Pentesting a Web Application

From: Jamie Riden (jamie.riden@gmail.com)
Date: Fri Jun 01 2007 - 13:10:49 EDT


On 01/06/07, Stong, Ian C CTR DISA GIG-CS <Ian.Stong.ctr@disa.mil> wrote:
> Because I have years of configuration and tweaks on it and various
> services would be down while reconfiguring it. Looking for little to no
> downtime. As an example I run VOIP through it with specific source
> destination pairs and specific port/protocol filters. Multiply that by
> 30 and you have the configuration that I would have to redo on the
> device. Meanwhile downtime while configuring and sniffing each
> application to determine exact ports to allow through, VPN peers to
> establish, applications to NAT, port remappings for public to private
> ports.....

Hi Ian,

Are we talking about a strong password here? Because there is no
feasible way to guess an 8 character password with upper and lower
case and digits, such as 'FhsfaS2!'. There are more than 62**8 such
passwords which is far too many to brute force.

Otherwise, here are two tools I've seen - it's been a while though, so I
can't offer an opinion:
http://www.darknet.org.uk/2007/02/thc-hydra-the-fast-and-flexible-network-login-hacking-tool/
http://www.darknet.org.uk/2006/12/wwwhack-19-download-wwwhack19zip-web-hacking-tool/

Barnaby Jack has done some interesting stuff recently with JTAG,
exploits and ARM-based stuff, but this is probably further than you
want to go:

https://www.blackhat.com/presentations/bh-europe-06/bh-eu-06-Jack.pdf
http://cansecwest.com/slides07/Vector-Rewrite-Attack.pdf
http://cansecwest.com/slides07/csw07-jack.pdf

cheers,
 Jamie

-- 
Jamie Riden, CISSP / jamesr@europe.com / jamie@honeynet.org.uk
UK Honeynet Project: http://www.ukhoneynet.org/
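As an added illustration of the keyspace argument in the reply above (not code from the original thread): counting the 8-character passwords that actually contain at least one upper-case letter, one lower-case letter and one digit (inclusion-exclusion over the character classes), and the worst-case time to exhaust that space at an assumed guess rate.

```python
from itertools import combinations

# Character classes from the policy discussed above; sizes are the
# usual ASCII counts (constructed for this example).
CLASSES = {"lower": 26, "upper": 26, "digit": 10}


def keyspace(length, classes=CLASSES):
    """Number of passwords of `length` that use at least one character
    from every class, by inclusion-exclusion: count all strings over the
    full alphabet, subtract those missing one class, add back those
    missing two, and so on."""
    names = list(classes)
    total = 0
    for k in range(len(names) + 1):
        for left_out in combinations(names, k):
            remaining = sum(n for c, n in classes.items() if c not in left_out)
            total += (-1) ** k * remaining ** length
    return total


def brute_force_years(length, guesses_per_second, classes=CLASSES):
    """Worst-case time, in years, to exhaust the keyspace at a fixed
    guess rate; the assumed rate is an input, not a measured figure."""
    seconds = keyspace(length, classes) / guesses_per_second
    return seconds / (365 * 24 * 3600)


if __name__ == "__main__":
    # 10,000 guesses/s is an assumed (generous) online rate against a
    # network device's login; adjust to the rate you actually observe.
    print(f"{keyspace(8):,} candidate passwords")
    print(f"{brute_force_years(8, 10_000):.0f} years to exhaust at 10k/s")
```

The mixed-class space is a little smaller than 62**8, since strings drawn from a single class are excluded, but it is still far beyond what online guessing can cover.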


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:51 EDT