Penetration test requested!

First, you should access these websites to check your host yourself.

formatting link
formatting link
They will scan your host and you will get basic security advice from them.

anon


Now that I am on ADSL I wanted to know how secure I really am.

Can someone please run a vulnerability scan against my host and tell me if he found something weak?

Thanks in advance.

Nik

Thanks for the link anon.

I did a scan here and it found only 3 of my 4 open ports. The last one was 4899 but it didn't show up.

Apart from that, can one find info on the name and version of my running services?

Can you also suggest a good port scan and vulnerability tool that I can download to test myself and other hosts?

Nik

go to:

formatting link

and run the ShieldsUP! program. Plenty of other tests there to check your exposure.

Brian


In Message-ID: posted on Thu, 28 Jul 2005 19:00:45 +0300, Nik wrote: Begin

formatting link

Bart Bailey

Thanks, but what I really need is a vulnerability assessment tool, not just a common port scan.

Nik

In Message-ID: posted on Wed, 27 Jul 2005 15:26:07 GMT, anon wrote: Begin

My config won't allow any of the scans at this site.

Total scanned ports: 60 Open ports: 0 Closed ports: 0 Filtered ports: 60

ZAP v6

Bart Bailey

Thanks, but I already checked my host with those and it just gave me a list of my open ports (only the common ones though: it found 80 and 25, where I run the web and SMTP servers, but I have more).

What I want is to know how vulnerable I am by having those ports open and how an intruder could use them to access or to infect my system.

Nicky

For example, I am using Apache/2.0.54 as a web server.

Nicky

Nicky wrote in article :

Depends on the software/software version you use.

Chris Kronberg

Yes, all of my website is made with Perl CGI scripts (index.pl and so on).

formatting link
is my website. If you want, try to scan it and tell me if there is some security hole in it. Use it to break in if you can; I don't mind as long as you tell me how to do it so I can fix it :-)

It's running on my own web server and it's just a personal webpage, so don't worry about it :-)

Nicky

Nicky wrote in article :

As far as I know, the server software is OK. The second way to compromise a system is the use of CGI scripts, PHP ... Are any of these present?

Chris Kronberg

Directory traversal issues, you're talking about? I think I am safe against those :-)

This is really my website. Is there any way that I can prove this to you? My NNTP host and my web server run on the same exact machine; that's why they have the same IP address. Every day I post from the same IP address from my own PC.

What's a Jamba advertisement?

Nicky

Hm... I think you remember the escaping problems with Perl, and your scripts are safe against this?

Sorry, an invitation by Usenet is not enough ;-) No one could prove whether this is really your site and whether this posting was really by you, so no one knows whether she/he is incurring a penalty after she/he tries to break in.

And why should anybody make an effort to be anonymous, only to have your site tested and to be secure against possible prosecution? ;-)

This is why penetration tests are a service some companies are offering. Just place an order (not with me, BTW, I'm doing security consulting sometimes, but not simple penetration tests only).

I cannot see anything on it but a Jamba advertisement.

Yours, VB.

Volker Birk

Yes, of course it is my page, but I am not advertising a product.

I am just posting, through a pop_up menu, some interesting Greek texts about religion and especially Christian Orthodox matters. :-)

No, escaping and code execution.

Umm, I am not sure what exactly you mean. Perhaps you can post an example!?

Nicky

No, escaping and code execution.

You don't need to ;-)

An advertisement for Jamba is the only thing I can see on your page.

Yours, VB.

Volker Birk

Aaahh! Yes! It's because .tk is a redirected domain name that points to my computer at http://83.171.225.52/ I forgot about it because I only view my page as http://localhost :-)

Well, I don't have a special function inside my index.pl to cut off escape chars, but I tried this interesting idea you gave and nothing happened.

http://dell/cgi-bin/index.pl?select=`dir`

No such file or directory at D:\www\cgi-bin\index.pl line 37.

and also

http://dell/cgi-bin/index.pl?select="d:\sos.txt"

Invalid argument at D:\www\cgi-bin\index.pl line 37.

Others as well, in order to pass these values to the pop_up variable select so as to get the web server to open another txt file of my liking or make it execute a command `dir\ but nothing happened....

formatting link
Thanks, but it's OK, the page works exactly as I want it :-)

Nicky
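For readers following the escaping discussion, here is one way a script like this can avoid relying on "nothing happened" when arbitrary `select` values are tried. This is an added example, not Nicky's index.pl: it assumes the `select` value picks a text file to open, and the names `read_selected_text`, `%MENU` and `psalm1.txt` are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);
use File::Spec;

# Assumption: the texts offered in the pop-up menu live in one directory.
# A temporary directory with one constructed sample file stands in for it.
my $TEXT_DIR = tempdir(CLEANUP => 1);
my %MENU = (psalm1 => 'psalm1.txt');   # menu value => file name (constructed)

{
    my $path = File::Spec->catfile($TEXT_DIR, 'psalm1.txt');
    open(my $out, '>', $path) or die "setup failed: $!";
    print {$out} "constructed sample text\n";
    close($out);
}

# Returns the text for a menu value, or undef if the value is not one the
# menu offers. The request value is only ever used as a hash key, never as
# part of a path or a command.
sub read_selected_text {
    my ($select) = @_;
    return unless defined $select && $select =~ /\A[a-z0-9_]{1,32}\z/;
    my $file = $MENU{$select} or return;

    my $path = File::Spec->catfile($TEXT_DIR, $file);
    # Three-argument open: the mode is fixed to '<', so nothing in the
    # path string can change how the file is opened.
    open(my $in, '<', $path) or return;
    local $/;                          # slurp the whole file
    my $text = <$in>;
    close($in);
    return $text;
}

# Constructed inputs: one valid menu value, then the kinds of values
# tried in the posts above (a backtick string and an absolute path).
for my $value ('psalm1', '`dir`', 'd:\\sos.txt', undef) {
    my $text  = read_selected_text($value);
    my $shown = defined $value ? $value : '(missing)';
    print "$shown => ", (defined $text ? 'served' : 'rejected'), "\n";
}
```

Rejected values return nothing to the caller, so the script can show a generic error page instead of a Perl message that discloses the script path and line number.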

Yes, in fact the response is weird.

Well, I tried both

http://dell/cgi-bin/index.pl?select=`c:\windows\system32\cmd.exe /c dir`

and

http://dell/cgi-bin/index.pl?select=`cmd.exe /c dir`

but I got as a response "Invalid argument at D:\www\cgi-bin\index.pl line 37."

True, Firefox and IE show some graphic things a little bit differently :-)

Nicky

The product you have an advertisement for on your page. It is your page, is it?

Yours, VB.

Volker Birk
