RE: Word lists, again...

From: Barber, Chris (cbarberat_private)
Date: Thu May 24 2001 - 07:27:33 PDT


    Another possible idea would be to talk with someone who develops and take a
    look at one of their servers and do a dir/ls on the dirs for that machine,
    especially a test or eval type server that includes sample scripts and such.
    
    just to add my $.02
    
    Chris
    
    -----Original Message-----
    From: Philip Stoev [mailto:philipat_private]
    Sent: Thursday, May 24, 2001 8:28 AM
    To: Penetration Testers
    Subject: Re: Word lists, again...
    
    
    You can also try a dir *.exe on your own PATH, /bin, /usr/bin,
    /usr/local/bin, /sbin, /usr/sbin, winnt, winnt/system32, and other such
    directories. Then add those executables to your dictionary.
    
    Sometimes people put weird things (ping.exe, traceroute.exe, notepad.exe,
    cmd.exe, command.com, bash, sh, etc.) in their CGI-BIN folders for weird
    purposes (such as testing if CGI execution actually works) and then forget
    to clean up afterwards.
    
    Philip
    
    
    ----- Original Message -----
    From: "Alberto Grazi" <Alberto.Graziat_private>
    To: <PEN-TESTat_private>
    Sent: Wednesday, May 23, 2001 12:53 PM
    Subject: Word lists, again...
    
    
    > Hi,
    >   during a pen-test I have found a directory which probably has exec
    > permission.
    > Since I didn't have any name of files (listing is not allowed) my
    > approach was to try a sort of "dictionary attack" on the URL.
    > I tried with a normal English dictionary but it didn't find anything
    > (each word was truncated to the 8th char and ".exe" was appended)...
    > does anyone know if there is a list of common names of CGIs available
    > (for Unix and win platforms) ?
    >
    > Thx
    >
    > Alberto
    >
    >
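The cleanup problem Philip describes can be checked from the server side. The following is an added example, not code from anyone in this thread: it audits a CGI directory for files named like the shells and utilities listed in his message, or like anything installed in the system directories. The function names, the directory layout and the sample files are constructed for illustration.

```python
import os
import tempfile

# Names taken from the message above; extend with your platform's utilities.
RISKY_NAMES = {"ping.exe", "traceroute.exe", "notepad.exe", "cmd.exe",
               "command.com", "bash", "sh"}

def audit_cgi_dir(cgi_dir, system_dirs=()):
    """Return sorted (relative_path, reason) findings for files that look like
    general-purpose system tools rather than application CGIs."""
    # Collect the names of everything in the system directories, lower-cased
    # because Windows web servers resolve file names case-insensitively.
    system_names = set()
    for d in system_dirs:
        if os.path.isdir(d):
            system_names.update(n.lower() for n in os.listdir(d))
    findings = []
    for root, _dirs, files in os.walk(cgi_dir):
        for name in files:
            rel = os.path.relpath(os.path.join(root, name), cgi_dir)
            rel = rel.replace(os.sep, "/")
            key = name.lower()
            if key in RISKY_NAMES:
                findings.append((rel, "shell or utility named in the thread"))
            elif key in system_names:
                findings.append((rel, "same name as a system binary"))
    return sorted(findings)

def demo():
    """Build a constructed cgi-bin and system directory, then audit them."""
    with tempfile.TemporaryDirectory() as tmp:
        cgi = os.path.join(tmp, "cgi-bin")
        sysdir = os.path.join(tmp, "system32")
        os.makedirs(os.path.join(cgi, "test"))
        os.makedirs(sysdir)
        # Constructed sample files: one real CGI and three leftovers.
        for p in ("guestbook.pl", "CMD.EXE", "test/ping.exe", "test/ftp.exe"):
            open(os.path.join(cgi, p), "w").close()
        for p in ("ftp.exe", "calc.exe"):
            open(os.path.join(sysdir, p), "w").close()
        return audit_cgi_dir(cgi, [sysdir])

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

On a real server, pass the web server's CGI directory and the system directories named in the thread (/bin, /usr/bin, winnt/system32 and so on) and remove anything reported that the application does not need.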
    



    This archive was generated by hypermail 2b30 : Thu May 24 2001 - 08:40:12 PDT