Comments on Carnal0wnage Blog: From LOW to PWNED [1] Exposed Services and Admin Interfaces

jcran (http://www.pentestify.com), 2012-04-20 23:49 -04:00:

Nice post. Please continue this.

Good info gathering and interactive testing tools paired with good data analysis and drill-down (and the ability to run further, related tests) is where I see testers having the best quick wins.

One thing many scanners / tools could do is be more explicit about exactly what and how they're testing - and allow the tester to drill into that.

I like to screenshot large sets of http servers and do a quick visual analysis to get a sense of areas to focus. Quickly lets me eliminate dupes and vhosts that don't matter. Definitely don't see scanners doing this sort of thing in the near term.

Another thought: the limitations of scanners and tools based on the language / platform that they run on can totally prevent the visibility of exploitable bugs.

Often the tools cannot speak enough of a protocol to properly implement a check or exploit in a non-standard language. Not to mention that they're limited by the perspective they have to the network (remote vs mitm), and whether they're designed to test w/o much interactivity (scanners) vs be used as a reversing tool (proxies, etc.).

So yeah, network testers aren't going away any time soon :)

pipefish (https://www.blogger.com/profile/10157331718355267394), 2012-04-20 09:14 -04:00:

This is good stuff! It drives home the point that even with the prevalence of automated scanners and automated pen testing tools, companies need to have diligent IT security pros on the payroll. Those pros on the payroll would also benefit from having some experience in the "offensive side" of security (read: pen test, not dirty jokes), to add the hacker perspective to reviewing findings.

Daniel Miller (https://www.blogger.com/profile/03534199136686853844), 2012-04-20 08:30 -04:00:

Neato. Quite a bit of that could be automated with Nmap NSE scripts (http://nmap.org/nsedoc/), also. Grab page titles with http-title. Classify admin interfaces, backends, etc. with http-favicon and http-enum. Brute-force basic auth with http-brute and form-based auth with http-form-brute (not as reliable). Fingerprint and try default credentials for various devices with http-default-accounts.