Thread: How to approach this?

  1. #1
    Just burned his ISO
    Join Date
    Nov 2008
    Posts
    1

    Default How to approach this?

    I'm not very much into Web Security, so I was hoping for some guidance.

    Supposing you have a website's IP. The company behind the website has clients which through a CGI script send "information" to that company. It seems they have a DB tied to the website where sent information is stored.

    The website pages are ASP, so my guess is the server should be an IIS, and the DB should be a SQL Server.

    Can BT help identify the technology behind this website, and what can BT help with to get access to the DB?

    This is not for harmful goals, only for knowledge.

    If my post breaks any rules, please, delete it and let me know.
    Thank you,

  2. #2
    Member m1cha3l's Avatar
    Join Date
    May 2008
    Posts
    208

    Default

    Quote Originally Posted by AndrewP View Post
    I'm not very much into Web Security, so I was hoping for some guidance.

    Supposing you have a website's IP. The company behind the website has clients which through a CGI script send "information" to that company. It seems they have a DB tied to the website where sent information is stored.

    The website pages are ASP, so my guess is the server should be an IIS, and the DB should be a SQL Server.

    Can BT help identify the technology behind this website, and what can BT help with to get access to the DB?

    This is not for harmful goals, only for knowledge.

    If my post breaks any rules, please, delete it and let me know.
    Thank you,

    The fact that you state at the start that you are not into web security means to me that even if your quest is for knowledge and not a malicious one, it is still probably illegal!

    If it is truly just a quest for knowledge then may I suggest some reading.

    Even google some of the terms you have used and search this forum using keywords and I am sure you will find the answers you seek.
    "At least black people knew when they were slaves" Doug Stanhope

  3. #3
    Junior Member
    Join Date
    Oct 2008
    Posts
    33

    Default *

    Quote Originally Posted by AndrewP View Post
    Can BT help identify the technology behind this website, and what can BT help with to get access to the DB?
    Instead of asking what BT can or can not do, why not try it and see for yourself?

  4. #4
    Member Oneiroi's Avatar
    Join Date
    Jul 2008
    Posts
    59

    Default

    Short answer: NO
    BT cannot help you with identifying the underlying web application architecture, nor help you gain access to the DB behind it. (Feel free to correct me here guys)

    Long Answer: Maybe

    You can look at the HTTP headers to get a better idea of what is powering the website,

    https://addons.mozilla.org/en-US/firefox/addon/575 for example can help identify the running webserver.

    From there you have a basis for which you can plan your pentesting.

    i.e.

    Does the version of the webserver have any known exploits that can be used? (Google Fu will help here).

    In terms of access to the DB you will need to either compromise the web application itself (SQL Inject / XSSI etc ..), or the webserver from which it is being served.
    ---------

    OSX 10.6
    Advent Vega (Tegra 250)

    Working on getting BT5 working on the Vega

  5. #5
    Just burned his ISO
    Join Date
    Nov 2008
    Posts
    13

    Default

    BT or no, isn't it still illegal?
    Totsugeki!

  6. #6
    Member Oneiroi's Avatar
    Join Date
    Jul 2008
    Posts
    59

    Default

    Quote Originally Posted by Blue.Solean View Post
    BT or no, isn't it still illegal?
    The information itself is not illegal, how you use it however can be.

    If you use the information gained to launch an attack, however well intentioned against a server you do not have explicit permission to do so on, then yes it is illegal.

    If you have a clause from the owner / services provider (IN WRITING), or actually own the box you are attacking and have permission (AGAIN IN WRITING) from the ISP providing the connectivity of the server (Not applicable on LAN for pentesting labs), then it is legal.

    Think of the information like a loaded gun: in some countries it is legal to keep this loaded gun, in some it is not.

    And pointing and shooting at something you neither own nor have permission to shoot at is going to come back and bite you.

    As a rule of thumb:

    1) You do not own the hardware you are 'pentesting';
    2) You do not own the bandwidth that is used to provide connectivity to the hardware.
    3) In the case of a data centre hosted target not matching 1 & 2, you do not own all the hardware shown in a trace route 'hop' between yourself and the target.

    If your intended target matches 1 or 2 it is illegal.

    If it matches '3' this is still another 'grey' area in that whilst you may own the hardware and the bandwidth being used, the fact that your attack is going via hardware you do not own can still be 'frowned' upon.

  7. #7
    Junior Member
    Join Date
    Aug 2007
    Posts
    40

    Default

    Quote Originally Posted by Oneiroi View Post
    Short answer: NO
    BT cannot help you with identifying the underlying web application architecture, nor help you gain access to the DB behind it. (Feel free to correct me here guys)
    Certainly not correcting you here, but I think I would have answered yes. For example, you could use netcat to get the HTTP Header instead of installing a Firefox addon. Also, I would be surprised if BT didn't have something in place to do more accurate webserver fingerprinting like analyzing the webserver response when a malformed page request is sent. Also, I'm almost certain that BT has some tools in place for SQL Injection (like Fast-Track by Relik?).

    Anyway, to the original poster... If you are truly interested in this topic then I agree with what others have said in that you need to do some reading and research into the topic for yourself. Based upon your question I would recommend starting with something that discusses a Pen Tester's Methodology.

    Maybe something like this for example:
    http://www.isecom.org/osstmm/
    http://csrc.nist.gov/publications/ni...T-SP800-42.pdf

    If you're not interested in learning yet still have a legal requirement to have these tasks performed then maybe you could contract one of the many legit pen testers that frequent these forums.
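
Added example, not part of any post in this thread: a small audit a site owner can run over a response from their own server to see which headers disclose the stack, the same information the posts above say a header grab reveals. The header list, function names and the sample response are assumptions constructed for illustration.

```python
import re

# Headers that commonly reveal the server stack (this example's own audit list).
DISCLOSING = ("server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version")
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")

# Constructed sample: what an IIS/ASP host you administer might return.
SAMPLE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"Server: Microsoft-IIS/6.0\r\n"
    b"X-Powered-By: ASP.NET\r\n"
    b"X-AspNet-Version: 2.0.50727\r\n"
    b"Set-Cookie: ASPSESSIONIDABCD=constructed; path=/\r\n"
    b"\r\n<html></html>"
)

def parse_headers(raw: bytes):
    """Split a raw HTTP response into (status_line, [(name, value), ...])."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        if ":" not in line:
            continue  # skip malformed header lines instead of failing
        name, value = line.split(":", 1)
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers

def audit(raw: bytes):
    """Return (header, value, kind) for each header that discloses the stack.

    kind is "version" when an exact version number leaks, else "product".
    """
    _, headers = parse_headers(raw)
    findings = []
    for name, value in headers:
        if name in DISCLOSING:
            kind = "version" if VERSION_RE.search(value) else "product"
            findings.append((name, value, kind))
        elif name == "set-cookie" and value.upper().startswith("ASPSESSIONID"):
            # The default classic-ASP session cookie name identifies the platform.
            findings.append((name, value.split("=", 1)[0], "product"))
    return findings

if __name__ == "__main__":
    for name, value, kind in audit(SAMPLE):
        print(f"{kind:8} {name}: {value}")
```

Each "version" finding is a candidate for removal or masking in the server configuration; an empty result means the response no longer advertises the stack through these headers.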

  8. #8
    Member Oneiroi's Avatar
    Join Date
    Jul 2008
    Posts
    59

    Default

    Quote Originally Posted by Packets View Post
    Certainly not correcting you here, but I think I would have answered yes. For example, you could use netcat to get the HTTP Header instead of installing a Firefox addon. Also, I would be surprised if BT didn't have something in place to do more accurate webserver fingerprinting like analyzing the webserver response when a malformed page request is sent. Also, I'm almost certain that BT has some tools in place for SQL Injection (like Fast-Track by Relik?).

    Ah yes I remember now there is a whole plethora of 'fingerprinting' tools on BT ... I really must get around to installing some VM software on this mac book pro ... I miss BT *cry*

  9. #9
    Member
    Join Date
    Feb 2006
    Posts
    167

    Default

    Quote Originally Posted by Packets View Post
    Also, I'm almost certain that BT has some tools in place for SQL Injection (like Fast-Track by Relik?).
    Relik rules!!

  10. #10
    Junior Member
    Join Date
    Nov 2008
    Posts
    38

    Default

    I would have to recommend the "FireBug" addon for Firefox. It has been useful for me. It allows you to edit the contents of the page and also comes with a DOM, Script, console, and html. But keep in mind that the edits are not permanent but it will act accordingly to the changes. i.e. if you disable the "submit" button, it won't work. If you go back to the site, it will.
