From: Francisco Sáa Muñoz aka n3z (fsm@aesthechnics.com)
Date: Fri Aug 20 2004 - 03:05:40 EDT
Quoting chewy <chewy@pandora.be>:
> > On Sat, 14 Aug 2004, DokFLeed.Net wrote:
>
> > > *verify the OS fingerprinting you get , then optimize your test.
> > > *test only what's open, don't be a dreamer and try to audit a closed
> port, I
> > > have seen it happening. and I bet each tester on his first project did
> it,
> > > its the enthusiasm rather than experience.
>
> I'm just wondering how do you remotely check for applications that use a
> level of authentication based on port knocking without beeing a dreamer
> then ?
Usually, people use the software with default configuration.
When auditing, I try usually a lil' script against cd00r (hail to the first),
SAdoor, toctoc and the other portknocking's software defaults.
As easy as is.
-- ]-* Francisco Sáa Muñoz a.k.a. Nuno Treez Security Junkee since 1996 Linux User #119288 mame.dk #115087 Utinam barbari spatium proprium tuum invadant! *-[EOF] ------------------------------------------------------------------------------ Ethical Hacking at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Check out our Advanced Hacking course, learn to write exploits and attack security infrastructure. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. http://www.securityfocus.com/sponsor/InfoSecInstitute_pen-test_040817 -------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:59 EDT