RE: Website detection

To:	"'3 shool'" <3shool@gmail.com>, <pen-test@securityfocus.com>
Subject:	RE: Website detection
From:	"Paul Melson" <pmelson@gmail.com>
Date:	Wed, 21 Feb 2007 14:38:20 -0500
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	pentest-list2@consult.net
Delivered-to:	mailing list pen-test@securityfocus.com
Delivered-to:	moderator for pen-test@securityfocus.com
Domainkey-signature:	a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:from:to:references:subject:date:message-id:mime-version:content-type:content-transfer-encoding:x-mailer:x-mimeole:in-reply-to:thread-index; b=NavR924LsBn5hpJ6HIzedw43qaB7qdJ6+Eq9YQA4bl5pu4wveoDJ+lUNEji/ShC1YNHxP3A4TGYppn4/9sohpPNm4DF1YxKCan5f0pg+na5mkEu88YNO2DZNQv1nZj6E+o0LFw19EvU+a+YrRyhhw8AtXAEU7VibnNCuF7Ufze4=
In-reply-to:	<5a4274b50702190208l76d97209wec4b527a9730ad8a@mail.gmail.com>
List-help:	<mailto:pen-test-help@securityfocus.com>
List-id:	<pen-test.list-id.securityfocus.com>
List-post:	<mailto:pen-test@securityfocus.com>
List-subscribe:	<mailto:pen-test-subscribe@securityfocus.com>
List-unsubscribe:	<mailto:pen-test-unsubscribe@securityfocus.com>
Mailing-list:	contact pen-test-help@securityfocus.com; run by ezmlm
References:	<5a4274b50702190208l76d97209wec4b527a9730ad8a@mail.gmail.com>
Resent-date:	Wed, 21 Feb 2007 21:20:09 -0700 (MST)
Resent-from:	pen-test-return-1078483597@securityfocus.com
Resent-message-id:	<20070222042009.3D6CB144D40@outgoing2.securityfocus.com>
Resent-sender:	listbounce@securityfocus.com
Sender:	listbounce@securityfocus.com
Thread-index:	AcdVQnCtnOnzo5mnQ1K+dZZ9n5yy1wArOQlg

> We are doing a PT for one of our customers with 5 webservers. None of
these webservers have the website 
> on the main url like http://xxx.xxx.xxx.xxx but they have confirmed that
they have critical applications 
> running on all the 5 web servers and for security purposes they have moved
the websites to something 
> like http://xxx.xxx.xxx.xxx/yyy.

That's a finding in and of itself.  Security through obscurity might keep
automated scanners at bay, but it's akin to having an anonymous ftp server
running on port 24.  It's still potentially vulnerable even though you have
to jump through extra hoops to find it.

> Now manually I guess it will take years to identify the correct URL having
the critical website by using 
> guessing techniques. I was wondering if there is a tool that could try
various popular and brute force 
> combinations to automatically guess the possible URLs.

Have you tried Google searches using 'site:client.dom' to see if possibly
these URLs are already floating around out there somewhere?

PaulM


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

<Prev in Thread]	Current Thread	[Next in Thread>
Website detection, 3 shool RE: Website detection, Password Crackers, Inc. Re: Website detection, Robin Wood Re: Website detection, pand0ra RE: Website detection, Paul Melson <= Re: Website detection, Tim Re: Website detection, crazy frog crazy frog Message not available Re: Website detection, Campbell Murray

Previous by Date:	Re: Websites Finding, Hacker
Next by Date:	Re: Websites Finding, Chris Hajer
Previous by Thread:	Re: Website detection, pand0ra
Next by Thread:	Re: Website detection, Tim
Indexes:	[Date] [Thread] [Top] [All Lists]