On Mon, May 3, 2010 at 10:54 AM, Robin Wood <[email protected]> wrote: > Hi > At a party the other day I was asked the normal question of what do I > do for a living. I said security and kept it a bit vague but was > pressed so explained what pen-testing is and roughly what I do. I then > got the challenge, prove it, prove you can hack a company. > > People would say to a dentist, prove you can do a filling but this > person insisted they wanted a demo. I explained the legalities and > finally fobbed them off and got away but it got me thinking, has > anyone got any good party tricks that they can pull in this kind of > situation that give an instant wow but are easy to do and legal? Not > quite legal but I was thinking if I knew any big sites with XSS I > could rewrite but none came to mind at that time.
I sent Robin a specific example of the below trick off-list, but there's no harm in going over the general idea on-list :) : I often show off early steps of the recon phase--information gathering from publicly available sources without sending any sort of weird traffic the target's way. This avoids doing anything illegal, and is more impressive to most than a contrived attack on my own stuff. A favorite quick trick that I can do from anyone's computer is to find secret/obscure/forgotten areas of company web sites using Google. I start with a: site:example.com ...and start enumerating interesting subdomains by subtracting out common/uninteresting ones that show up in the results: site:example.com -site:www.example.com -site:pr.example.com ...and/or subtracting out pages that match the normal naming scheme, in order to find the unusual ones. site:example.com -intitle:"Example Technologies Inc." Most of the time, I know of one or two current examples of companies that have secret (but mostly harmless) portions of their web presence. I'll do the demo with one of those that I know will work, and occasionally follow up with off-the-cuff searches on sites owned by folks I am talking to. This is easy enough that people who aren't in the field can follow and understand exactly what you're doing, and you can follow it up with interesting war stories of things you've seen and done past this phase. Overall, if you're enjoy what you do and you like telling stories, it's pretty easy to catch peoples' interest talking about penetration testing. -- Wesley McGrew http://mcgrewsecurity.com _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
