EH-Net
May 22, 2013, 07:44:24 AM
Show Posts
Pages: 1 ... 40 41 [42] 43 44 ... 58
616  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: HTTP header: PUT, DELETE, etc on: August 19, 2010, 09:32:04 AM
Thanks guys

I was successful sending this (using the Burp Suite):

Code:
PUT /test.txt HTTP/1.1
Host: 192.168.1.199
Content-Length: 6

Yesss!

Now that I can write to the web server root, I need to get a shell using ASP. Any ideas? I am currently searching on Google...
617  Ethical Hacking Discussions and Related Certifications / Web Applications / HTTP header: PUT, DELETE, etc on: August 19, 2010, 07:37:02 AM
Hi,

When I use Nikto or Nessus to scan a web server, I often get messages like this:

Code:
+ OSVDB-0: Allowed HTTP Methods: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, MOVE, MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK, SEARCH
+ OSVDB-5646: HTTP method ('Allow' Header): 'DELETE' may allow clients to remove files on the web server.
+ OSVDB-397: HTTP method ('Allow' Header): 'PUT' method could allow clients to save files on the web server.
+ OSVDB-5647: HTTP method ('Allow' Header): 'MOVE' may allow clients to change file locations on the web server.
+ OSVDB-0: HTTP method ('Allow' Header): 'PROPFIND' may indicate DAV/WebDAV is installed. This may be used to get directory listings if indexing is allow but a default page exists.
+ OSVDB-0: HTTP method ('Allow' Header): 'PROPPATCH' indicates WebDAV is installed.
+ OSVDB-425: HTTP method ('Allow' Header): 'SEARCH' indicates DAV/WebDAV is installed, and may be used to get directory listings if Index Server is running.
+ OSVDB-0: Public HTTP Methods: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, MOVE, MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK, SEARCH
+ OSVDB-5646: HTTP method ('Public' Header): 'DELETE' may allow clients to remove files on the web server.
+ OSVDB-397: HTTP method ('Public' Header): 'PUT' method could allow clients to save files on the web server.
+ OSVDB-5647: HTTP method ('Public' Header): 'MOVE' may allow clients to change file locations on the web server.
+ OSVDB-0: HTTP method ('Public' Header): 'PROPFIND' may indicate DAV/WebDAV is installed. This may be used to get directory listings if indexing is allow but a default page exists.
+ OSVDB-0: HTTP method ('Public' Header): 'PROPPATCH' indicates WebDAV is installed.
+ OSVDB-425: HTTP method ('Public' Header): 'SEARCH' indicates DAV/WebDAV is installed, and may be used to get directory listings if Index Server is running.

How can I compromise a server using one of these headers? Can I use the PUT method to upload a file to the server?

Couldn't find anything interesting on Google...
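The Nikto findings in this post and the PUT request in the reply above (post 616) come down to one check that a server owner can run against their own host: ask for OPTIONS, look at what the Allow and Public headers advertise, and confirm that a write method such as PUT is actually refused rather than answered with 201 Created. The script below is an added example for that audit; it is not from the original posts, from Nikto or from Burp. The response bytes it parses are constructed here to mirror the method list in the scan output above, and the function and constant names are this example's own.

```python
# Methods that let a client create, change or remove content on the server.
WRITE_METHODS = {"PUT", "DELETE", "MOVE", "COPY", "MKCOL", "PROPPATCH", "LOCK", "UNLOCK"}
# Methods that only a WebDAV-enabled server advertises.
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK", "SEARCH"}


def parse_response(raw: bytes):
    """Split a raw HTTP response into (status_code, headers).

    Header names are lower-cased; a repeated header is joined with commas,
    which is what RFC 7230 allows for list-valued headers like Allow.
    """
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(maxsplit=2)[1])
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            continue
        name, _, value = line.partition(":")
        key = name.strip().lower()
        value = value.strip()
        headers[key] = f"{headers[key]}, {value}" if key in headers else value
    return status, headers


def advertised_methods(headers):
    """Union of the methods listed in the Allow and Public headers."""
    methods = set()
    for name in ("allow", "public"):
        for m in headers.get(name, "").split(","):
            if m.strip():
                methods.add(m.strip().upper())
    return methods


def assess_methods(methods):
    """Turn the advertised method set into the findings a scanner reports."""
    return {
        "write_methods": sorted(methods & WRITE_METHODS),  # file write/delete exposure
        "webdav": bool(methods & WEBDAV_METHODS),          # WebDAV stack is enabled
        "trace": "TRACE" in methods,                       # TRACE still answered
    }


def audit_options_response(raw: bytes):
    """Parse an OPTIONS response and return the findings dictionary."""
    _, headers = parse_response(raw)
    return assess_methods(advertised_methods(headers))


def put_is_rejected(raw: bytes) -> bool:
    """True when the status of a PUT response means the server refused it.

    Any 2xx (201 Created above all) means an unauthenticated client was
    allowed to write a file into the document root.
    """
    status, _ = parse_response(raw)
    return not 200 <= status < 300


# Constructed OPTIONS response mirroring the method list in the Nikto output.
SAMPLE_OPTIONS = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: example-httpd\r\n"
    b"Allow: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, MOVE, MKCOL, "
    b"PROPFIND, PROPPATCH, LOCK, UNLOCK, SEARCH\r\n"
    b"Public: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, MOVE, MKCOL, "
    b"PROPFIND, PROPPATCH, LOCK, UNLOCK, SEARCH\r\n"
    b"Content-Length: 0\r\n\r\n"
)
# Constructed PUT responses: one refusing the upload, one accepting it.
SAMPLE_PUT_REFUSED = b"HTTP/1.1 405 Method Not Allowed\r\nAllow: GET, HEAD, POST\r\n\r\n"
SAMPLE_PUT_ACCEPTED = b"HTTP/1.1 201 Created\r\nContent-Length: 0\r\n\r\n"

if __name__ == "__main__":
    print(audit_options_response(SAMPLE_OPTIONS))
    print("PUT refused:", put_is_rejected(SAMPLE_PUT_REFUSED))
    print("PUT refused:", put_is_rejected(SAMPLE_PUT_ACCEPTED))
```

After hardening (WebDAV disabled, methods limited to GET, HEAD, POST and OPTIONS), the same audit should return an empty write_methods list with webdav and trace both false, and a PUT should come back 405 like the constructed refused sample. On Apache this is what a `<LimitExcept GET POST HEAD>` block enforces; on IIS it means removing the WebDAV module or its handler mapping.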
618  Resources / News from the Outside World / Re: Probation? Are you kidding? on: August 17, 2010, 07:54:45 PM
But the way he was stealing was very interesting. Imagine if he had used proxies to connect to BestBuy, etc...

Quote
The 22-year-old ran the racket at Abercrombie & Fitch, American Eagle, Apple, Best Buy, Fred Meyer Macy's and Spencer Gifts.

All these stores and only $6000? I doubt it...
619  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Recommendation for an SQL fuzzer? on: August 17, 2010, 10:40:22 AM
As an update, I finally found Injection dictionaries/wordlists at http://www.edge-security.com/wfuzz.php

The source directory of the WFuzz application contains several dictionaries.
620  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Recommendation for an SQL fuzzer? on: August 17, 2010, 10:31:50 AM
Would anyone know about a good SQL Injection dictionary? I found an OK one, but I am looking for MySQL, MSSQL and Oracle specific ones...

Also for XSS and XSRF!

Good ones are hard to find...
621  Ethical Hacking Discussions and Related Certifications / OSCP - Offensive Security Certified Professional / Re: OSCP - Progress on: August 17, 2010, 08:00:51 AM
@eternal_security - Thanks!

I am almost ready now. I am lucky (or unlucky?) not to have a contract this week. So I am 100% studying and practicing. I am a little more confident now.

Knocking on wood!!
622  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Banner grabbing with netcat on: August 17, 2010, 05:32:01 AM
Thanks for the hints. I heard about AMAP but I never used it. The last release is from January 2006, so is it too old to detect recent services?!?

My goal wasn't so much about ruling out false positives. I was more looking for an easy way to look at one or two ports on a machine. My question really was "what to do" when you see a strange port open. The answer seems to be:

1) Start a network sniffer
2) Connect to the service with telnet/netcat and see what happens
3) Launch some tools like nmap scripts or AMAP

There is not much else we can do.
623  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Recommendation for an SQL fuzzer? on: August 16, 2010, 05:22:30 PM
WebScarab as a fuzzer:
http://www.owasp.org/index.php/Fuzzing_with_WebScarab
http://travisaltman.com/webscarab-tutorial-part-3-fuzzing/

And there is plenty of documentation for SQLMap...
624  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Recommendation for an SQL fuzzer? on: August 16, 2010, 02:14:46 PM
Thanks Ketchup.

I have been using WebScarab and SQLMap so far and I was wondering if they were good. I guess they are!
625  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Banner grabbing with netcat on: August 16, 2010, 08:55:20 AM
Hey,

I am currently using netcat (but it could be telnet, sbd, etc.) to do some banner grabbing. So far, I only find examples for HTTP and FTP servers... But what about other services? I poked around and found some more ways of getting information with netcat:

HTTP
Code:
nc -v 192.168.1.10 80
    HEAD / HTTP/1.0
    [ENTER]
    [ENTER]

    - or -

    GET HTTP


FTP
Code:
nc -v 192.168.1.59 21

SSH
Code:
nc -v 192.168.1.59 22


MS-SQLServer
Code:
nc -v 192.168.1.59 1433

MySQL
Code:
nc -v 192.168.1.59 3306

And etc!

So my question really is: yes, you can use netcat to connect to every single port and get the banner of well-known services. But what about other TCP ports with no obvious response without the proper prompt (like a web server)? We need to provide the service with some precise query parameters. So do you guys know about other data that could be sent to a TCP port that doesn't give an obvious reply?

I hope you guys understand my question...
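Posts 622 and 625 above turn on the same distinction: server-first services (SSH, FTP, SMTP) announce themselves as soon as the TCP connection opens, so netcat alone shows the banner, while client-first services (HTTP, MS-SQL, and most application protocols) say nothing until they receive a request they recognise, so the probe has to be protocol-specific. The script below is an added example that automates the netcat steps for an asset inventory: connect, wait briefly for a server-first banner, and only if the service stays silent send a probe and read the reply. It is not from the posts, from netcat or from AMAP. The three "services" it talks to are throwaway localhost listeners started in-process so the example runs offline; the SSH-style banner, the Server header and the probe table are constructed for this example.

```python
import socket
import threading

# Probes for client-first services. Only HTTP is filled in here; the table
# is this example's own and would grow one entry per protocol you inventory.
PROBES = {
    "http": b"HEAD / HTTP/1.0\r\n\r\n",
}


def grab_banner(host, port, probe=None, timeout=1.0):
    """Connect to host:port and return whatever the service says first.

    Server-first protocols send a banner on connect, so the first recv()
    returns it. Client-first protocols stay silent; if the socket times out
    with no data and a probe is supplied, the probe is sent and the reply is
    returned instead. Returns "" if the service never answered or closed the
    connection without sending anything.
    """
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        data = b""
        peer_closed = False
        try:
            data = s.recv(1024)
            peer_closed = data == b""   # orderly close with no banner
        except socket.timeout:
            pass                        # silent so far: a client-first service?
        if not data and not peer_closed and probe is not None:
            s.sendall(probe)
            try:
                data = s.recv(1024)
            except socket.timeout:
                pass                    # wrong probe, or the port wants something else
    return data.decode("utf-8", "replace").strip()


def _serve_once(handler):
    """Throwaway localhost listener that handles one connection (constructed
    so the example runs offline). Returns the port it was bound to."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def run():
        conn, _ = srv.accept()
        with conn:
            handler(conn)
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return port


def _ssh_like(conn):
    # Server-first: a constructed SSH-style banner goes out immediately.
    conn.sendall(b"SSH-2.0-OpenSSH_5.3\r\n")


def _http_like(conn):
    # Client-first: nothing is sent until a request line arrives.
    conn.settimeout(3.0)
    request = conn.recv(1024)
    if request.startswith((b"HEAD ", b"GET ")):
        conn.sendall(b"HTTP/1.0 200 OK\r\nServer: demo-httpd/0.1\r\n\r\n")


def _silent(conn):
    # Reads whatever arrives and answers nothing: the "no obvious reply" case.
    conn.settimeout(3.0)
    try:
        conn.recv(1024)
    except socket.timeout:
        pass


def demo():
    """Run the grabber against the three constructed services."""
    results = {}
    results["ssh"] = grab_banner("127.0.0.1", _serve_once(_ssh_like))
    results["http"] = grab_banner("127.0.0.1", _serve_once(_http_like), probe=PROBES["http"])
    results["silent"] = grab_banner("127.0.0.1", _serve_once(_silent), probe=PROBES["http"])
    return results


if __name__ == "__main__":
    for name, banner in demo().items():
        print(f"{name:7s} -> {banner!r}")
```

The silent case is the honest answer to the question in post 625: when a port neither announces itself nor reacts to the probe you tried, the banner grabber has nothing more to offer, and step 1 of the list in post 622 (a packet capture of a legitimate client talking to that port) is what tells you which probe the service actually expects.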



626  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Recommendation for an SQL fuzzer? on: August 16, 2010, 08:36:39 AM
Hi,

I am looking for a fuzzer to find SQL Injection vulnerabilities. I have used a few, but I am wondering which one you use?
627  Ethical Hacking Discussions and Related Certifications / OSCP - Offensive Security Certified Professional / Re: OSCP exam in 1 week - Advice? on: August 15, 2010, 10:33:35 PM
Quote
if you understand how to enumerate services, how to find exploits on the exploitdb and other sites, and have some idea how to customize existing exploits, like the course teaches you, for differing OS service packs, etc, then you should be able to pass.

Thanks for encouraging us hayabusa!

I will definitely continue working in the lab this week. I will also make sure I revise all the course material before Saturday.

Long week ahead of me, but I like this course so much!
628  Ethical Hacking Discussions and Related Certifications / OSCP - Offensive Security Certified Professional / Re: OSCP exam in 1 week - Advice? on: August 15, 2010, 08:50:50 PM
Quote
i think i feel the same way as zeroflaw: i have learned a lot these past 2 months, but i am really afraid i am not ready

I think we are all feeling the same about this test!!!

@xXxKrisxXx - Thanks! Here is another example. Compromise a web server, sniff legitimate traffic and use a client-side attack (a variation of one of your examples)

I am sooo humble right now. Regarding this exam, I feel like I am throwing dice...
629  Ethical Hacking Discussions and Related Certifications / OSCP - Offensive Security Certified Professional / Re: OSCP exam in 1 week - Advice? on: August 13, 2010, 02:04:08 PM
Thanks hayabusa

Man it is stressful to wait for this test... It's difficult to know what to do to get ready for this exam...

I guess I will continue working in the lab and hack into more machines...
630  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Procedure to find services behind open ports on: August 13, 2010, 01:58:53 PM
Thanks guys,

I also remember this great post from sil: http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,5679.0/

Lots of useful things there too.
© 2013 The Ethical Hacker Network