Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Reverse Proxy Pen Testing

from [Andres Riancho] Network Security [Permanent Link]
Subject: Re: Reverse Proxy Pen Testing
Date: Sat, 26 Mar 2005 20:37:37 -0300 
FF 647 ,

    This is kind of hard to do because you dont really know the subnet they
are using on their internal lan ( 10.* , 192.168.* or 172.16.* ) so the
worse part is to "guess" where they have the internal web servers. Some time
ago i asked myself this same question and i got to this answer :

        a ) configure proxychains to use the netcache
        b ) run : proxychains nmap -sT -sV -p80 -P0 192.168.1-15.1-50

    Also , netcache can be configured to retrieve only external web pages if
this is the case , i dont know how to bypass that.
    Hope this helps .

Cheers ,

Andres Riancho

----- Original Message ----- 
From: "FF 647" <ff_647@yahoo.com>
To: <pen-test@securityfocus.com>
Sent: Friday, March 25, 2005 9:40 PM
Subject: Reverse Proxy Pen Testing



Does anyone know of a way to test a netcache to see if
it will return content from web sites on an internal
network -- intranet sites that would otherwise not be
viewable by the public? Any info would be appreciated
as we are investigating techniques to simulate
Internet based attack vectors against our reverse proxy.

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Reverse Proxy Pen Testing, FF 647
Next by Date:  RE: Reverse Proxy Pen Testing, Jerry Shenk
Previous by Thread:  Reverse Proxy Pen Testing, FF 647
Next by Thread:  RE: Reverse Proxy Pen Testing, Jerry Shenk
Indexes:  [Date] [Thread] [Top] [All Lists]