
I think it's worthy, because if you still probe around and work your way around, you will find some other boxes hidden, e.g. 41.203.208.26, and another well-firewalled app server = 196.201.208.57. Let me not expose more.

On 9/29/10, Peter Karunyu <pkarunyu@gmail.com> wrote:
In my opinion, security of web apps is a cumulative task where you secure everything that can be secured within reason. So far, these are the points:
1. If a reverse DNS lookup can yield the IP address of domains.safaricom.co.ke, we have a target.
2. Due to the lack of custom 404 error handlers, we know the target runs RHEL5.
3. We also know there is a database on that target; we just need to find the port it's using.
4. We have a possibly working username <http://domains.safaricom.co.ke/webim/client.php> for that database; it's a matter of guessing the password.
5. We know that PHP 5.2.9 <http://www.securityfocus.com/bid/36449/info> has specific vulnerabilities on RHEL5.
If I was running that server, I would rather not have the facts above available to the general public, regardless of whether that server hosts "hello world" pages or not.
Next question I would ask, is domains.safaricom.co.ke a target worthy of the effort?
--
Gichuki John Ndirangu, C.E.H, C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
infosigmer@inbox.com
{FORUM} http://lists.my.co.ke/pipermail/security/
http://nspkenya.blogspot.com/
http://chuksjonia.blogspot.com/