out of office auto replies (was Re: Mock Penentration Test Site)

From: Tim (tim-pentest@sentinelchicken.org)
Date: Thu Aug 19 2004 - 21:26:27 EDT


I just posted the message below, and received over 20 responses from
people's out of office auto-responders and from people whose mailboxes
are no longer valid, etc.

1. People: please stop pissing in the pool. If you don't know how to
    configure your auto-responders to ignore list mail, then don't use
    them at all. They are a danger to yourself and others, as they
    advertise to the world what you use for mail, and they can be great
    targets for mail loops via spoofing.

2. Moderator(s): would you mind sending out a test message once a month
    or so, and fish out the email addresses that are blasting posters'
    inboxes? I know they do this on other Security Focus lists.

thanks for your cooperation,
tim

On Thu, Aug 19, 2004 at 09:42:17AM -0400, Tim wrote:
> > I am trying to create a Red Teaming Exercise and I was wondering if
> > anyone knows of a full site I can download that will. Anything will
> > do as an example, with CGI, PHP, JSP, ASP, forms and database.
> > Basically anything that will resemble a real site with real
> > vulnerabilities. I don't have the time to build a fully functioning
> > site from scratch and no one at work wants to give me one. Can anyone
> > help?
>
> Well, you could always set up an installation of PHPNuke or PHPbb. They
> seem to have plenty of holes in them already for you to exploit... ;-)
>
> Even if their current versions are well-patched, I am sure it would be
> easy to slip in a few XSS and SQL injection holes.
>
> tim
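
The message above asks that auto-responders ignore list mail. The following is an added example, not part of the original post, of the header checks an auto-responder can make before replying. The function name, the marker list and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

BULK_PRECEDENCE = {"bulk", "list", "junk"}
LIST_HEADERS = ("List-Id", "List-Post", "List-Unsubscribe", "Mailing-List")
# Assumed markers for list-manager and mail-system envelope senders.
SYSTEM_MARKERS = ("mailer-daemon", "postmaster", "owner-", "-owner", "-request", "-bounces")

def auto_reply_decision(raw, my_address, envelope_sender):
    """Return (send_reply, reason) for one incoming message."""
    msg = message_from_string(raw)
    sender = envelope_sender.strip().strip("<>").lower()
    if not sender:
        return False, "null envelope sender (bounce)"
    if any(m in sender.split("@", 1)[0] for m in SYSTEM_MARKERS):
        return False, "list or system envelope sender"
    # RFC 3834: anything other than "no" marks an automatic message.
    if msg.get("Auto-Submitted", "no").split(";")[0].strip().lower() != "no":
        return False, "Auto-Submitted header"
    if msg.get("Precedence", "").strip().lower() in BULK_PRECEDENCE:
        return False, "bulk/list Precedence"
    if any(h in msg for h in LIST_HEADERS):
        return False, "mailing-list header"
    # Only answer mail that names this mailbox in To or Cc.
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if my_address.lower() not in {addr.lower() for _, addr in rcpts}:
        return False, "not addressed to this mailbox"
    return True, "personal mail"

# Constructed sample messages (not taken from the list archive).
LIST_POST = """\
From: Poster <poster@example.org>
To: pen-test@lists.example.net
List-Id: <pen-test.lists.example.net>
Precedence: bulk
Subject: Re: Mock site

body
"""
DIRECT = """\
From: Colleague <colleague@example.org>
To: Me <me@example.com>
Subject: lunch?

body
"""
VACATION_ECHO = DIRECT.replace("Subject:", "Auto-Submitted: auto-replied\nSubject:")

if __name__ == "__main__":
    print(auto_reply_decision(LIST_POST, "me@example.com", "pen-test-bounces@lists.example.net"))
    print(auto_reply_decision(DIRECT, "me@example.com", "colleague@example.org"))
    print(auto_reply_decision(VACATION_ECHO, "me@example.com", "colleague@example.org"))
```

Refusing to answer messages that already carry `Auto-Submitted` is what keeps two responders from answering each other indefinitely.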




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:59 EDT