UPDATE 12-31-2014: SERVER IS OFFLINE. IF YOU WOULD LIKE TO CONTINUE THIS CHALLENGE, PLEASE CONTACT ME VIA THE ANSWERS EMAIL ADDRESS.
One of the readers suggested that I set up a place where readers can test out and try their hands at enumerating on an "authorized" site. Well, I have stood up a web server, and there are roughly 22 pages that are enumerable using one method or another.
Good luck!
http://192.241.210.246/
UPDATE: Each discovered page contains a hash; it's simply a way to verify you have found something that was intended to be found. You can submit them as well or just shoot over the URL of the pages you found.
Please send in your answers or ask questions. This isn't a secret or CTF; this is here for you to learn.
Monday, August 18, 2014
Saturday, August 2, 2014
2014-08-02 Challenge: Web enumeration
Many times during application assessments, the way in is the discovery of pages or objects that were meant to have been removed or "disabled". Hidden functionality and "admin only" functions that don't require auth are a couple of others. The question usually comes down to finding them. So, name 6 ways / methods of discovering content on web applications.