|
Colapse all |
Post message
Article: 5 common Web app vulnerabilities 2006-04-28 Erin Carroll (amoeba amoebazone com) The following Infocus technical article was published on SecurityFocus today: Five common Web application vulnerabilities By Sumit Siddharth and Pratiksha Doshi Published 2006-04-28 This article looks at five common Web application attacks, primarily for PHP applications, and then presents a sh [ more ] [ reply ] NMap Scanning Issues 2006-04-28 09Sparky gmail com (1 replies) I am trying to run Nmap both on specific ports and then multiple ports (1-1024, 1-65535, etc). My issue or is this: when I run small port scans; my results come back fine (open, closed, filtered). I have confirmed that the results are accurate. However, when I attempt to scan multiple ports I ge [ more ] [ reply ] RE: Core Impact vs. Canvas vs. Metasploit 2006-04-28 Damien Dinh (DDinh sycuan com) I have Core Impact and it's gui is very easy to use; along with A-Z automation (scan, exploit, and load mini shell agent), you can also just drag any exploit onto a target and whamo! It doesn't even break the service you're exploiting; at this point, you can drag and drop an agent; then you can aut [ more ] [ reply ] Sussen? 2006-04-28 Steffen Kluge (kluge fujitsu com au) Has anyone used sussen (http://dev.mmgsecurity.com/projects/sussen/) and would like to share their impressions? It was mentioned on the OpenBSD list recently as alternative to nessus. Cheers Steffen. ------------------------------------------------------------------------ ------ This List Sponso [ more ] [ reply ] TCPReplay problem 2006-04-27 ankur jindal (ankurjn113 hotmail com) (2 replies) Hi all Can we direct tcpreplay to send packets to another machine? If so what is the command for that. I didnt see any documentation for that. When it sends out packets on an interface is are they just sent to the next ethernet or is tcpreplay used for testing the machine on which it is installed [ more ] [ reply ] RE: Licensed Penetration Tester LPT 2006-04-27 Mark Teicher (mht3 earthlink net) Who would retain the license the company or the individual ?? Would the licensees be posted to a statewide web page, and then the individual would have to apply for a license in each state the company or the individual conducts business. Wow, the licensing people would make a lot of money this wa [ more ] [ reply ] Re: Licensed Penetration Tester LPT 2006-04-27 Mark Teicher (mht3 earthlink net) I forgot about those areas of expertise. Must be able to reverse engineer popular network routing assembly code and present their findings in front of large audiences. Must be able to afford legal representation Must know r0cketgrl.. :) -----Original Message----- >From: Gene Cronk <gcronk (at) trsg (dot) ne [email concealed] [ more ] [ reply ] Re: Brutus 2006-04-27 bart packetjunkie com PacketStormSecurity.org http://www2.packetstormsecurity.org/cgi-bin/search/search.cgi?searchvalu e=brutus&type=archives ------------------------------------------------------------------------ ------ This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 [ more ] [ reply ] RE: Brutus 2006-04-27 Arley Barros Leal (arley leal sonae com) http://www.indianz.ch/tools/crack/brutus.zip There's also a handy 43MB wordlist.... http://www.indianz.ch/tools/doc/wordlist.zip Cheers-- -----Original Message----- From: David Ball [mailto:lostinvietnam (at) hotmail (dot) com [email concealed]] Sent: quinta-feira, 27 de Abril de 2006 6:48 To: pen-test (at) securityfocus (dot) com [email concealed] S [ more ] [ reply ] Sharepoint privilege escalation - admin.dll+author.dll 2006-04-27 kuffya gmail com Hi list, I'm testing a sharepoint portal running on IIS 6.0.The exact version (banner based) is: MicrosoftSharePointTeamServices: 6.0.2 I've identified the folllowing dlls, which are viewable (and perhaps modifiable, if the list helps) by non-admin accounts: /_vti_bin/_vti_adm/admin.dll /_ [ more ] [ reply ] Core Impact vs. Canvas vs. Metasploit 2006-04-27 virtuale hushmail com (2 replies) Hi, For those who have been using one or more of the subj. products - How do the products compare? What are the key technical adv/disadvantages of each product? The cost of the products is different. There must be something about the technical part that is significantly different. I'm tryin [ more ] [ reply ] RE: Licensed Penetration Tester LPT 2006-04-27 Damien Dinh (DDinh sycuan com) The law does not specify information systems or forensics in IT/IS. -----Original Message----- From: Chris Hajer [mailto:chrishajer (at) usa (dot) net [email concealed]] Sent: Wednesday, April 26, 2006 1:28 PM To: pen-test (at) securityfocus (dot) com [email concealed] Subject: Re: Licensed Penetration Tester LPT On Wednesday April 26, 2006 8:50, Phil F [ more ] [ reply ] Re: Brutus 2006-04-27 barcajax gmail com Found a few links but not sure how legit they are. Here you go. http://www.groovyweb.uklinux.net/index.php?category=files&page_name=old http://www.antiserver.it/Password-Crackers/ http://secwatch.org/download.php?cat=2 ------------------------------------------------------------------------ ----- [ more ] [ reply ] |
|
Privacy Statement |
We have been asked to scan a class b network for port range 1 - 1024 every month.
The network is across 4 hops of T1 links. icmp is filtered at the edge router and hence prevent us form using icmp to detect live systems.
does anyone attempted a scan on such a large scane and can provide
[ more ] [ reply ]