 |
| |
| |
|
Who's Online |
|
We have 40 guests online |
|
| |
|
|
 |
|
EH-Net
|
|
May 23, 2013, 11:48:46 PM
|
 Show Posts
|
|
Pages: [1]
|
|
1
|
Ethical Hacking Discussions and Related Certifications / Web Applications / 500 HTTP Error... False Positive?
|
on: November 14, 2011, 02:48:00 PM
|
|
I'm using Wapiti to audit on of my web applications and I was returned with 3 sql injection, 39 blind sql, 27 file handling vulnerabilities, and 9 command execution vulnerabilities.
The thing is... Every single one contained a 500 http error code.
I know the 500 error is the "catch all" error... Basically the server doesn't know what to do with these.
I'd like to go ahead and just try exploiting one of these vulnerabilities to see if it is just a false positive but since I've been assigned to just do vulnerability assessments, it would be wrong and illegal.
So are these false positives? Whats a good way to futher test? Does Wapiti generally return any error as a vulnerability? I know sql injection can return 500 errors but I have a hunch many of these aren't actually vuln.
|
|
|
|
|
2
|
Ethical Hacking Discussions and Related Certifications / Web Applications / W3AF Non Intrusive Profile?
|
on: September 18, 2011, 12:10:33 AM
|
|
I am performing a vulnerability assessment and not a pentest on one of my affiliates websites. I was wondering if there are any great resources on putting together a profile in w3af that won't automatically start exploiting vulnerabilities it finds.
I just want to find these vulnerabilities... Not actually exploit them.
I've searched around on google and on the w3af website but can't find too much about it...
Suggestions?
|
|
|
|
|
3
|
Ethical Hacking Discussions and Related Certifications / Other / Re: Host Discovery Help
|
on: June 16, 2011, 11:59:41 AM
|
Sounds like you need to do a bit of recon before you hit such a wide range of IPs. For example, ping their webserver. Does that IP fall into one of the blocks they gave you?
If so, scan that so you can be sure you're getting some results back.
Recon and info gathering is a critical first step.
When I "whois" their domain I get the NetRange that includes all the IP ranges and address they have handed me. So they're all there. But it's really, really, really big XDAnother thought I had - you might want to look into unicornscan instead of nmap.
Done. I'm trying to install now. At first I thought you were messing with me... Like when you hand your little brother the controller when it's not plugged in... Just to keep him busy. Bahaha I feel like such a noob. |
|
|
|
|
4
|
Ethical Hacking Discussions and Related Certifications / Other / Re: Host Discovery Help
|
on: June 16, 2011, 11:38:48 AM
|
I'm far from an expert myself, but a few thoughts came into my head:
Why did they engage you if they knew the level of your skills and they wanted more than you could offer?
Why did you accept the engagement if the written agreement (you do have one, don't you?) indicated that you would be expected to undertake work that you knew was beyond you?
If they have changed the goal post, I would be inclined to reiterate that you do not have the appropriate skills, then point them in the direction of someone, or a company, that would fulfil their requirements.
I'm very young [21] and so are the 3 other guys on my team [later 20s]. They wanted a group of "outsiders" who were young and willing to learn and knew a few things about the "hacker culture." The job pays extremely well and they said I could work from home so why not? There was no specifics listed in the signed agreement on what they'd be having me do. Only just a few documents to protect me from any legal actions and that type of thing. I've never felt like I had the skills to do my job properly but i just go in and do my best :/Did they give you the block of external IP's to test or is this a black box scenario?
If this is the block they gave you, you might want to slow down your nmap scans. It's possible the FW knows you're slamming it with nmap scans and is just dropping your traffic. It's also possible they spotted you and are dropping all traffic from your IP.
I would try the -t (i think) flag in nmap to change the interval so that it slows your scans WAY down. I would probably also try from a different server with a different public IP just in case they blocked your IP as a matter of Incident Response.
-C
The list of subnets is astounding. The network is huge. But yes I have a list. I think they want me to black box it but at this point I'm just looking for some success so I know my scans are at least catching something. I ought to go sit down at a starbucks and run a few very slow scans. Would you suggest I run the same one I was before just with the "-t?"
So something like
-PE -PA -T2 -PS21-25,80,113,31339 -PA80,113,443,10042 -g 53
? |
|
|
|
|
5
|
Ethical Hacking Discussions and Related Certifications / Other / Host Discovery Help
|
on: June 16, 2011, 10:37:28 AM
|
|
Hello,
I typically won't post these types of topics unless I'm really desperate, which is the case. I have done much research by myself but still need some assistance and the clock is ticking :/
I am a whitehat that was employed by an organization [sorry I probably shouldn't say by whom] that hired me for my mitm, arp posioning, and packet injection skills. Quite honestly I'm not near as experienced as the majority of the users on here but they seemed to think I could do the job.
The only problem is they seem to have me doing everything outside of my expertise and have me scanning the ol WAN for external host discovery.
Only problem is that the firewall seems pretty resilient [or I'm just pathetic] and I am not getting any hosts returned on my external scans.... At all. One range I scanned let's say just for example 192.168.0.0/24 [obviously just a local example, not the real range I'm scanning]. And I get 30 some on hosts on the internal scan. Okay great. I hop outside of the network and start doing external scans. Nothing. I can't get ANYTHING!
I'll be honest. I'm no nmap guru. I've read through the "Nmap Network Scanning" book by Gordon Lyon and used a few of his suggested methods and still, nothing.
My first attempts I tried mixing various types of SYN an ACK probes and still can't seem to achieve any king of success.
An example of one of my attempts:
-PE -PA -PS21-25,80,113,31339 -PA80,113,443,10042 -g 53
I'm not asking anyone to do my homework for me. Maybe just point me in the right direction. Again I hate to ask for any help but I have to report on SOMETHING. Haha thanks in advance for any advice.
Oh and I wish I could disclose more information on the network but don't think that would be a good idea.
|
|
|
|
|
Loading...
|
|
|
|
News Items and General Discussion About EH-Net : Change is Coming to EH-Net!!
