How to approach this?
I'm not very much into Web Security, so I was hoping some guidance.
Supposing you have a website's IP. The company behind the website has clients which through a CGI script send "information" to that company. It seems they have a DB tied to the website where sent information is stored.
The website pages are ASP, so my guess is the server should be an IIS, and the DB should be a SQL Server.
Can BT help identify the technology behind this website, and what can BT help with to get access to the DB.
This is not for harmful goals, only for knowledge.
If my post breaks any rules, please, delete it and let me know.
Thank you,
Originally Posted by AndrewP
the fact that you state at the start that you are not into web security means to me that even if your quest is for knowledge and not a malicious one, it is still probably illegal!
if it is truely just a quest for knowledge then may i suggest some reading.
even google some of the terms you have used and search this forum using keywords and i am sure you will find the answers you seek.
"At least black people knew when they where slaves" Doug stanhope
*
Instead of asking what BT can or can not do, why not try it and see for yourself?
Short answer: NO
BT Can not help you with identifying the underlying web application architecture, nor help you gain access to the DB behind it. (Feel free to correct me here guys)
Long Answer: Maybe
You can look at the HTTP headers to get a better idea of what is powering the website,
https://addons.mozilla.org/en-US/firefox/addon/575 for example can help identify the running webserver.
From there you have a basis for which you can plan your pentesting.
i.e.
Has version of webserver any known exploits that can be used? (Google Fu will help here).
In terms of access to the DB you will need to either compromise the web application itself (SQL Inject / XSSI etc ..), or the webserver from which it is being served.
---------
OSX 10.6
Advent Vega (Tegra 250)
Working on getting BT5 working on the Vega
BT or no, isn't it still illegal?
Totsugeki!
The information itself is not illegal, how you use it however can be.
If you use the information gained to launch an attack, however well intentioned against a server you do not have explicit permission to do so on, then yes it is illegal.
If you have a clause from the owner / services provider (IN WRITING), or actually own the box you are attacking and have permission (AGAIN IN WRITING) from the ISP providing the connectivity of the server (Not applicable on LAN for pentesting labs), then it is legal.
Think of the information like a loaded gun in some countries it is legal to keep this loaded gun, in some it is not.
And pointing and shooting at something you neither own nor have permission to shoot at is going to come back and bite you.
As a rule of thumb:
1) You do not own the hardware you are 'pentesting';
2) You do not own the bandwidth that is used to provide connectivity to the hardware.
3) In the case of a data centre hosted target not matching 1 & 2, you do not own all the hardware shown in a trace route 'hop' between yourself and the target.
If your intended target matches 1 or 2 it is illegal.
If it matches '3' this is still another 'grey' area in that whilst you may own the hardware and the bandwidth being used, the fact that your attack is going via hardware you do not own can still be 'frowned' upon.
---------
OSX 10.6
Advent Vega (Tegra 250)
Working on getting BT5 working on the Vega
Certainly not correcting you here, but I think I would have answered yes. For example, you could use netcat to get the HTTP Header instead of installing a firefox addon. Also, I would be surprised if BT didn't have something in place to do more accurate webserver fingerprinting like analyzing the webserver response when a malformed page request is sent. Also, I'm almost certain that BT has some tools in place for SQL Injection (like Fast-Track by Relik?).
Anyway, to the original poster... If you are truly interested in this topic then I agree with what others have said in that you need to do some reading and research into the topic for yourself. Based upon your question I would recommend starting with something that discusses a Pen Tester's Methodology.
Maybe something like this for example:
http://www.isecom.org/osstmm/
http://csrc.nist.gov/publications/ni...T-SP800-42.pdf
If your not interested in learning yet still have a legal requirement to have these tasks performed then maybe you could contract one of the many legit pen tester's that frequent these forums.
Ah yes I remember now there is a whole plethora of 'fingerprinting' tools on BT... I realy must get around to installing some VM software on this mac book pro ... I miss BT *cry*
---------
OSX 10.6
Advent Vega (Tegra 250)
Working on getting BT5 working on the Vega
Relik rules!!
I would have to recomend the "FireBug" addon for firefox. It has been usefull for me. It allows you to edit the contents of the page and also comes with a DOM, Script, console, and html. But keep in mind that the edits are not permanent but it will act accodingly to the changes. i.e. if you disable the "submit" button, it wont work. If you go back to the site, it will.
Posting Permissions
