
Thread: Service finding

  1. #11
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    Default

    Well then, you should try to do actual pentesting, not with a live provider, which might not be amused if you think you can/should perform a pentest of your website.

    Start to set up your own lab. There are nice images out there for you to play around with, to try out and improve your skills without doing any harm to live servers.

    And as purehate mentioned, you should reread the TOS of your provider. Most don't even allow scanning.
    Tiocfaidh ár lá

  2. #12
    Developer
    Join Date
    Mar 2007
    Posts
    6,126

    Default

    Quote Originally Posted by KMDave View Post

    And as purehate mentioned, you should reread the TOS of your provider. Most don't even allow scanning.
    As I'm sure you noticed, he answered everyone else's questions and totally avoided mine. A sure sign of guilt.

  3. #13
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    Quote Originally Posted by RedScare View Post
    If grabbing a banner using ncat fails to reveal service types, versions, or anything else, and nmap only gives a 90% secure guess on operating system type without reliable version information, and nothing on the version of the ftp, http, smtp, etc. services running on various ports, but is still able to get the type of service running on a given open port, is there any other way for me to find out the versions my website/webhost is running?
    Did you run nmap with either -A or -sV? Have you tried another tool like Nessus or httprint? Have you tried default accounts for ftp and smtp? Etc.

    As someone else suggested, purposefully triggering server errors (particularly WRT http servers/services) can be very revealing. Try directory listings, 404s, requests for active page types (blef.aspx, blef.ashx, etc.), purposefully try to cause an HTTP 500 error by submitting a form with some invalid parameters or with the expected parameters simply removed (you might need a personal proxy for this), try requests via HTTP 0.9 and 1.0 instead of 1.1, try HEAD requests instead of full GETs or POSTs, etc.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
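As an added example (not code from the thread or from anyone posting in it), the script below sends the odd requests thorin lists as raw bytes to a throwaway target and records what each reply leaks: HEAD instead of GET, a 404 for a made-up .aspx page, a 500 from a form with its expected parameter removed, and HTTP/1.0 and HTTP/0.9 request lines instead of 1.1. The target is a constructed stand-in built on Python's http.server; the paths, the form at /search and its parameter q are assumptions made for the demo, while the Server header, the stock error page and the HTTP/0.9 behaviour are what that module really does.

```python
"""Probe a local stand-in web server with unusual requests and record what
each reply gives away. Added example; the target app, its paths and the
form parameter 'q' are constructed for the demo."""
import socket
import threading
from http import HTTPStatus
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs


class TargetHandler(BaseHTTPRequestHandler):
    """Constructed stand-in: '/' and a form at '/search' that requires 'q'."""

    def log_message(self, *args):  # keep the demo quiet
        pass

    def _ok(self, body=b"<html><body>hello</body></html>"):
        self.send_response(HTTPStatus.OK)  # adds the default Server/Date headers
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        return body

    def do_GET(self):
        if self.path == "/":
            self.wfile.write(self._ok())
        else:
            self.send_error(HTTPStatus.NOT_FOUND)  # framework's stock 404 page

    def do_HEAD(self):
        if self.path == "/":
            self._ok()  # headers only, body deliberately not written
        else:
            self.send_error(HTTPStatus.NOT_FOUND)

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        form = parse_qs(self.rfile.read(length).decode("latin-1"))
        if self.path != "/search":
            self.send_error(HTTPStatus.NOT_FOUND)
        elif "q" not in form:
            # the "expected parameter simply removed" case from the post -> 500
            self.send_error(HTTPStatus.INTERNAL_SERVER_ERROR, "missing parameter 'q'")
        else:
            self.wfile.write(self._ok(b"<html><body>results</body></html>"))


# Raw bytes, so no client library normalises the request for us. Each probe
# ends with a blank line (even the header-less HTTP/0.9 form) so the server's
# header reader terminates and we get a reply without closing our side.
PROBES = {
    "GET HTTP/1.1": b"GET / HTTP/1.1\r\nHost: target\r\nConnection: close\r\n\r\n",
    "GET HTTP/1.0": b"GET / HTTP/1.0\r\n\r\n",
    "GET HTTP/0.9": b"GET /\r\n\r\n",
    "HEAD": b"HEAD / HTTP/1.1\r\nHost: target\r\nConnection: close\r\n\r\n",
    "404 page": b"GET /blef.aspx HTTP/1.1\r\nHost: target\r\nConnection: close\r\n\r\n",
    "500 via form": (b"POST /search HTTP/1.1\r\nHost: target\r\nConnection: close\r\n"
                     b"Content-Type: application/x-www-form-urlencoded\r\n"
                     b"Content-Length: 7\r\n\r\nfoo=bar"),
}


def send_raw(host, port, request, timeout=3.0):
    """Send one raw request and return everything the server sends back."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        chunks = []
        try:
            while True:
                data = sock.recv(4096)
                if not data:  # server closed the connection
                    break
                chunks.append(data)
        except socket.timeout:
            pass  # server held the connection open; use what arrived
    return b"".join(chunks)


def parse_response(raw):
    """Split a reply into (version, status, headers, body). HTTP/0.9 has no head."""
    if not raw.startswith(b"HTTP/"):
        return None, None, {}, raw
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    version, status = lines[0].split()[0], int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return version, status, headers, body


def fingerprint(host, port):
    """Run every probe and keep the parts that identify the server."""
    findings = {}
    for name, request in PROBES.items():
        version, status, headers, body = parse_response(send_raw(host, port, request))
        findings[name] = {"version": version, "status": status,
                          "server": headers.get("server"),
                          "body": body.decode("latin-1", "replace")}
    return findings


def run_demo():
    """Start the stand-in target on a loopback port, probe it, shut it down."""
    server = HTTPServer(("127.0.0.1", 0), TargetHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return fingerprint(*server.server_address)
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for name, f in run_demo().items():
        print(f"{name:13} reply={f['version']} status={f['status']} server={f['server']}")
        if f["status"] in (404, 500, None):
            print("    body:", " ".join(f["body"].split())[:110])
```

Things worth noticing in the output: every HTTP/1.x reply, the HEAD one included, carries the module's default Server header with the Python version in it; the 404 and 500 bodies share the framework's error-page template, which identifies it even if the Server header were stripped; the target answers 1.1 requests with an HTTP/1.0 status line; and the HTTP/0.9 request line gets a bare body with no headers at all. As the rest of the thread says, point this only at your own lab box.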

