General discussion

Anyone like to try some Penetration

By HAL 9000 Moderator
Testing for me?

I have an unfair advantage here {after all they are one of my problem clients so I know them all too well} as it only took me 3 attempts to get in so I've chosen a non-critical Web Page with the same security measures taken as on their main network except for the obvious fact that the web page is in Apache rather than running under M$ programs but it was the best that I could come up with without compromising their operations.

The web address is

http://www.monarc-equipment.com/links/links.html

and it is user name & password protected {3 accounts} running on a Red Hat 7 system but as I don't have much contact with the hosting company I'm unsure of the exact version of whatever other software they are running. This page is just a link to worldwide dealer's network {sellers} so it has no importance but I would be interested in seeing if anyone can get in and have a look around.

The link I gave above while on their main web site is an unlinked page that has been placed there for a test. It contains nothing but sellers of heavy earthmoving plant worldwide and could be gathered by anyone within a few days so it is not only useless but any form of assault on their Main Web Site will not get this page or anything else of any importance as yet they have no dealers listed.

Now normally I would give this job to someone here who has had no direct contact with this company but owing to how they work everyone here knows them very well and the longest that it took any of my staff to crack was 30 minutes well everyone but the "Office Manager" anyway who wouldn't have a clue about these things.

Good hunting

by Oz_Media In reply to Anyone like to try some P ...

Hey Colin, you could have done this in a discussion forum ya know.

Nice title, I clicked it, DOH!

I am not at home (Vancouver for a day or two) but with your permission I will send it to a PKI scripter who is a vulnerability pro, I'm sure he will hack in but at least he will be able to tell me how the 'average' user would do.

I'll hold off until your permission to share this is granted.

Oz

by Oz_Media In reply to

Will email you my response.

by HAL 9000 Moderator In reply to

Actually OZ I did place it on the Discussion area but so far no answers and go for it while I didn't setup this particular security system as their ISP did who they are great friends with {now if only they would follow their and my advice and use linux} life would be so much easier but I was horrified when I got in in under 30 seconds but as I've said I know them and every one of my staff got in on at least one of the user accounts in under 30 minutes. So I had to find a non-critical place of attack which this page is as it is nothing more than a data backup from one of their Data Bases on potential suppliers. Actually if you have unlimited capacity with your ISP it is a good idea to have unlinked pages on your web site in any DR plan but most people just do not have this option.

Col

by HAL 9000 Moderator In reply to Anyone like to try some P ...

This question was closed by the author
