Highest Voted 'black-box' Questions - IT Security Stack Exchange

1

vote

1 answer

Correlation between server request and response time and built-in php functions

Is there any way to identify which built-in PHP function is used in some given script only by sending a request and receiving a response from the remote server? To keep it simple we might assume that it is very simple PHP script which contains only…

php fingerprinting black-box

asked May 16 '17 at 20:40

Awaaaaarghhh

562
2
18

0

votes

1 answer

Is creating secondary account on Black-Box Pentest Forbidden?

Okay, so here it goes. I am the Red Team Lead, and as described earlier; not far (like about a week), I posted this. At the time, I was looking for a beautiful technical title which could match down my findings. I mentioned it as 'Weak Password…

penetration-test black-box

asked Mar 04 '15 at 13:49

Shritam Bhowmick

1,602
14
28

0

votes

1 answer

Using timeouts to automatically detect blind sql injection exploits

I'm working on a penetration testing tool, and I have error-based sql injection pretty much covered, but I was wondering, is it possible to use timeouts, along with built in sql commands to detect an issue? In the application DVWA, I attempted the…

penetration-test sql-injection vulnerability-scanners dvwa black-box

asked Nov 27 '13 at 05:43

Dylan Katz

243
1
3
9

0

votes

1 answer

How strict should I be in rejecting unexpected HTTP request parameters redux?

I read this: How strict should I be in rejecting unexpected query parameters? Answer: No, do not error out on unexpected query string parameters. But I just got a requirement from our security guy that I must do so. Not only for unexpected query…

http webserver black-box

asked Jun 10 '21 at 20:08

gaazkam

5,607
11
24
37

0

votes

1 answer

How to find a website behind a Firewall?

Some context for my question: I'm currently studying Information Security, and this is for an assignment from my teacher. For my assignment, I received two IP addresses. I did a port scan with nmap and saw that both of these IP addresses pointed at…

penetration-test firewalls websites black-box

asked Jun 06 '19 at 01:42

Higor Lopes

9
4

0

votes

1 answer

How to preform black-box (no source) vulnerability testing/fuzzing?

How would I (or) what software would I use to conduct local application (stored on the PC) black-box (no source/closed source) fuzzing or vulnerability testing for Windows? I've just been using common sense, like using negative numbers and such,…

vulnerability fuzzing black-box

asked Jul 14 '17 at 22:58

noodles

83
4

0

votes

2 answers

Forcing a black box to register a ssl cerificate

I have in my home a proprietary device, which I took an interest to see what it does over the network. I first determined his Ip on my network, and the port used to pass http/s requests, then arp spoofed him to my mitmproxy server. After this setup…

tls certificates arp-spoofing reverse-engineering black-box

asked Dec 25 '16 at 21:19

Nadav96

193
6

0

votes

1 answer

Struggling to profile the query behind a SQLi vulnerability

I'm black-box pen testing a colleague's website for common vulnerabilities (mainly concerned with OWASP's top 10). I've found a SQL injection vulnerability in a form since the use of special characters in one of the form field's values returns…

penetration-test sql-injection black-box

asked Nov 30 '16 at 15:20

user81147

Questions tagged [black-box]