Tuesday, July 16, 2013

Web Service With CGI Support - Penetration Testing

This report shows an hands-on penetration testing using Apache server with cgi access, it identifies some vulnerabilities and performs exploits with this vulnerability and It further patches it by mitigating this known threats.

INTRODUCTION

APACHE

Apache can also be referred to as Apache HTTP Server. It is a standard that is established for allocating services for website online which has developed the World Wide Web. It is a free platform of web server which is been used by most of the website. The server is been used by most of the operating systems e.g. Unix, Linux, Window, Microsoft Windows, Mac OS etc but was originally designed for Unix.

Monday, July 15, 2013

Lets send packet without PING command - Introducing Scapy

Whats scapy?
Its packet manipulation mechanism. One can send and receive the packet of large no. of protocols. Its useful to send and receive reply in order to further analysis. Scapy provides many classical tasks such as :
  • probing
  • tracerouting
  • scanning
  • network discovery