Monthly Archives: October 2009

Penetration Testing – Directory Bruteforcing

Posted by jhaddix (2 comments)

One thing you learn when you start a career in pentesting is: never assume anything. In my experience, hacks aren’t always elegant and elaborate. Sometimes something simple and effective is your avenue of penetration. Which brings us to today’s topic: directory bruteforcing. Directory bruteforcing is a favorite of mine. I can’t tell you how many times a directory listing has broken open a pentest for me. Whether it be that all-elusive web admin panel, or a directory listing containing …

NMAP Database Output : XML TO SQL

Posted by The Shell Shakespear (4 comments)

One much-requested feature of NMAP is SQL output. This tool attempts to bridge that gap by providing an XML2SQL conversion, and compares the database output to other similar tools.

5 Quick Tips for Securing Apache2

Posted by Nathan Drier

Apache is a fantastic web server. It’s easily installable on pretty much every modern operating system, it has gobs and gobs of community support, documentation and how-tos, and is very robust. What I don’t like about Apache is its kitchen-sink approach to functionality. By default, lots of modules and extra configuration directives are enabled. Needless to say, the majority of these aren’t needed for a simple web server. Even with a more advanced web application, it’s best to start …