Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Re[2]: [Full-disclosure] Attacking the local LAN via XSS

from [pdp (architect)] Network Security [Permanent Link]
Subject: Re: Re[2]: [Full-disclosure] Attacking the local LAN via XSS
Date: Fri, 4 Aug 2006 14:06:57 +0100 
I agree with you. Sometimes routers do not have http enabled although
I believe that most administrators enable this service to perform
easy/remote administration tasks. However, it is quite common to find
http enabled devices. :) printers, wireless printers, cameras... you
name it. Attacking these devices is not that severe as attacking the
border router however, if the attacker is able to misconfigure one or
more of these devices some bad things can happen (DoS, etc).

IMHO, if you want to do stuff on lower level, you need to think of
something else. JavaScript, Flash and Java Applets are technologies
that are designed to run on the WEB. This is why, IMHO, they are quite
good platform for performing WEB/HTTP based attacks.

cheers

On 8/4/06, Thierry Zoller <Thierry@zoller.lu> wrote: 
Dear pdp (architect),

pa> BTW, there are quite a lot cisco devices that have http open on local
pa> LAN vulnerable to IOS HTTP Authorization Vulnerability.

That's my point, I have done an ehaustive amount of pentest, I have
never come accross a router with accessible HTTP port. Maybe that's
related to the nature of the networks though.

--
http://secdev.zoller.lu
Thierry Zoller
Fingerprint : 5D84 BFDC CD36 A951 2C45  2E57 28B3 75DD 0AC6 F1C7




--
pdp (architect)
http://www.gnucitizen.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re[2]: [Full-disclosure] Attacking the local LAN via XSS, Thierry Zoller
Next by Date:  ARES 2007: Call for workshop proposals, deadline Sept 10, 2006, Manh Tho
Previous by Thread:  Re[2]: [Full-disclosure] Attacking the local LAN via XSS, Thierry Zoller
Next by Thread:  Re: [Full-disclosure] Attacking the local LAN via XSS, Nikolay Kubarelov
Indexes:  [Date] [Thread] [Top] [All Lists]