|
|
Colapse all |
Post message
Terminal Services Banner - Rdesktop, Tsgrind, Tscrack 2010-06-04 Shohn Trojacek (trojacek gmail com) Hello: Trying not to reinvent the wheel here, does anyone have any idea with regard to a method for performing dictionary attack against terminal servers that have the legal banner enabled? I'm finding that in all cases the legal banner seems to stop the password guessing. I'm guessing that a modif [ more ] [ reply ] Password Audit (AD Domain hashes) 2010-06-03 Josh_smith (pentestuk__ hotmail co uk) (5 replies) Hi Guys, I have just searched the old threads around password audits/auditing, and it seems most have only focused on SAM dumps for local accounts. I wanted to audit the hashes for AD domain member accounts that from my research live in ntds.dit (not seen much info on the structure of this file). [ more ] [ reply ] Re: Password Audit (AD Domain hashes) 2010-06-03 Jeff Testman (jtestman gmail com) (1 replies) AppSec DC 2010 CFP now open! 2010-06-03 Mark Bristow (mark bristow owasp org) Colleagues, Building on the success of AppSec DC 2009, OWASP is pleased to announce the OWASP AppSecDC 2010 conference held at the Walter E. Washington Convention Center on November 8th through 11th 2010. Plenary sessions will be on November 10th and 11th preceded by Web Application Security Traini [ more ] [ reply ] Re: Citrix Remote Desktop 2010-06-02 The Dead (th3d34d gmail com) Thanks! I´ll read the docs and make more tests. On Wed, Jun 2, 2010 at 2:28 PM, <root (at) vulnerabilityassessment.co (dot) uk [email concealed]> wrote: > Hi, > > nmap now has some nice scripts available for enumerating citrix, also check > out: > > http://www.vulnerabilityassessment.co.uk/Citrix.html which may help, lots of [ more ] [ reply ] Re: Citrix Remote Desktop 2010-06-02 The Dead (th3d34d gmail com) Hello cp77fk4r! Well, I can´t get the version. I´ll try to get it by analysing packets during the connection. Have another some clue? On Wed, Jun 2, 2010 at 1:43 PM, cp77fk4r <empty0page (at) gmail (dot) com [email concealed]> wrote: > can you get the version of this session? > > On Wed, Jun 2, 2010 at 4:26 PM, The Dead <th3d [ more ] [ reply ] Citrix Remote Desktop 2010-06-02 The Dead (th3d34d gmail com) (4 replies) Hello guys! I'm manking a pen-testing from an external network to a target and I found a Citrix session (port 1494) opened. I have downloaded some tools that perform brute-force login and application enumeration. Is there something else that I can do about such enviroment? Thanks! --------------- [ more ] [ reply ] TEHTRI-Security: Many 0days soon released at SyScan Singapore 2010 2010-06-02 Laurent OUDOT at TEHTRI-Security (laurent oudot tehtri-security com) Dear IT Security colleagues, Mid-June 2010, TEHTRI-Security will be at SyScan Singapore for an outstanding conference. There, we will release more than 13 remote pre-auth zero-days against many different products (yes: 13 0days...). We will also propose multiple generic technical solutions that m [ more ] [ reply ] Onapsis Research Labs: Onapsis Bizploit - The opensource ERP Penetration Testing framework 2010-06-01 Onapsis Research Labs (research onapsis com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear colleague, We are proud to announce the release of Onapsis Bizploit, the first opensource ERP Penetration Testing framework. Presented at the renowned HITB Dubai security conference, Bizploit is expected to provide the security community with a b [ more ] [ reply ] Decrypt info in referenced file in web.config. 2010-05-28 Richard Miles (richard k miles googlemail com) Hello I'm doing a test and I obtained a copy of the web.config file, the interesting is that there is a line like that "<add key="PasswordFile" value="C:\Inetpub\site\Users.acl" />" Â this called my attention to be on the inetpub folder and I was able to download it. It's with base64, when decodin [ more ] [ reply ] EUSecWest 2010 MiniCFP (conf Jun 16/17) and PacSec 2010 CFP (conf Nov 10/11, deadline July 30) 2010-05-27 Dragos Ruiu (dr kyx net) EUSecWest 2010 MiniCFP (PacSec CFP Follows) One of our presenters was unable to get corporate approval for his travel and cancelled out. As such we are opening up one or two available slots for last minute submissions. We are also offering a referral bounty of a free conference registration for h [ more ] [ reply ] New OSSTMM 3 sampler and ToC available now 2010-05-25 Pete Herzog (lists isecom org) New OSSTMM 3 sampler from Chapter 2 released! The most current OSSTMM 3 Table of Contents released! You can get it now at www.osstmm.org! Sincerely, -pete. -- Pete Herzog - Managing Director - pete (at) isecom (dot) org [email concealed] ISECOM - Institute for Security and Open Methodologies www.isecom.org - www.osstmm.org [ more ] [ reply ] Re: LFI with limitation 2010-05-23 Jacky Jack (jacksonsmth698 gmail com) I've tried all. All such encoding attacks are blocked by mod_security or some firewalls, issuing Not Acceptable message. On Sat, May 22, 2010 at 4:47 AM, Ulisses Castro <uss.thebug (at) gmail (dot) com [email concealed]> wrote: > %2500 ? %252500? > > my two cents, > > Ulisses Castro > > On Fri, May 21, 2010 at 7:00 AM, Jacky J [ more ] [ reply ] OSSTMM 3 STAR Released! 2010-05-24 Pete Herzog (lists isecom org) Hi, We have just released the updated STAR, Attack Surface Metrics calculation sheets, and the rav formula! As part of certain requirements towards compliance, more and more Euro companies (so far in France, Germany, Italy, and Switzerland) have begun getting their infrastructure's attack surfa [ more ] [ reply ] |
|
Privacy Statement |
OWASP is currently soliciting training providers for the OWASP AppSec
DC 2010 regional conference that will take place at the Walter E.
Washington Convention Center (801 Mount Vernon Place NW Washington, DC
20001) on November 8th through 11th of 2010. There will be training
courses on
[ more ] [ reply ]