Bitcoin Forum
November 23, 2017, 06:19:24 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Website Exploit and Server Penetration Testing  (Read 2327 times)
c4n10
Sr. Member
****
Offline Offline

Activity: 294



View Profile
September 15, 2012, 03:37:37 AM
 #1

We have three types of exploit/penetration testing:

1. Code-Level Exploit Testing - Tests your website's code and scripts for vulnerabilities. This includes vulnerability to: code injection (sql, java, css, etc...), form hijacking, cross site scripting (XSS), cross site request forgeries and more... The fee for this service is 3 BTC

2. Server-Level Penetration Testing - Tests your server for vulnerabilities including vulnerability to: Man in the Middle attacks, open port and port service vulnerabilities for the most common and less common services (telnet, pcAnywhere, smtp, esmtp, steam, etc..), DoS vulnerability and more... The fee for this service is 3 BTC

3. Comprehensive Exploit/Penetration Testing - A combination of the first two services. Tests your site at the code level and server level for every possible vulnerability we are able to test for. The fee for this service is 5 BTC.

All tests include a full report on the tests completed, list of possible vulnerabilities with detailed information about each vulnerability and the recommended fix for each vulnerability.

Before we can do anything I need a few things from you:

First and most important I need verification that you are authorized to give me permission for testing. Please create a page on your site, it doesn't have to be fancy, with some text along the lines of "I authorize c4n10 to do penetration testing on my website located at http://www.yourwebsitehere.com". Please be sure the text includes that you are giving me permission and please ensure that the site's domain is mentioned as well.

Please ensure that this page is hosted on the site's domain.

If you require only code-level testing you may skip the next paragraph:
If a third-party is hosting your site's content, I will need you to contact them to get permission and schedule a time for the testing. Please schedule at least 24 hours for testing.
This is only necessary for server-level and comprehensive exploit/penetration testing.

Payment:

You pay 25% up front and the remaining balance when we are done testing your site AND you are satisfied that your site is secure against vulnerabilities.

Should you suffer an attack after our testing and the attack is successful, we will investigate the attack, assist in locating the attacker if possible and help you to fix the vulnerability free of charge for the life of your website's domain. Should you sell, trade or gift the domain to someone else, the guarantee stays with the domain and is transferred to the new owner.

If you have any questions, comments or concerns, please feel free to let me know.
1511417964
Hero Member
*
Offline Offline

Posts: 1511417964

View Profile Personal Message (Offline)

Ignore
1511417964
Reply with quote  #2

1511417964
Report to moderator
1511417964
Hero Member
*
Offline Offline

Posts: 1511417964

View Profile Personal Message (Offline)

Ignore
1511417964
Reply with quote  #2

1511417964
Report to moderator
Join ICO Now A blockchain platform for effective freelancing
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1511417964
Hero Member
*
Offline Offline

Posts: 1511417964

View Profile Personal Message (Offline)

Ignore
1511417964
Reply with quote  #2

1511417964
Report to moderator
1511417964
Hero Member
*
Offline Offline

Posts: 1511417964

View Profile Personal Message (Offline)

Ignore
1511417964
Reply with quote  #2

1511417964
Report to moderator
c4n10
Sr. Member
****
Offline Offline

Activity: 294



View Profile
January 02, 2013, 01:31:41 AM
 #2

Updated Prices and Description on 1/1/2013
TradeFortress
VIP
Legendary
*
Offline Offline

Activity: 910


View Profile
January 02, 2013, 09:27:52 AM
 #3

We have three kinds of exploit/penetration testing:

1. Code-Level Exploit Testing - Tests your website's code and script's for vulnerabilities. This includes vulnerability to: code injection (sql, java, css, etc...), form hijacking, cross site scripting (XSS) and more... The fee for this service is 3 BTC

2. Server-Level Penetration Testing - Tests your server for vulnerabilities including vulnerability to: Man in the Middle attacks, open port and port service vulnerabilities for the most common and less common services (telnet, pcAnywhere, smtp, esmtp, steam, etc..), DDoS vulnerability and more... The fee for this service is 3 BTC

3. Comprehensive Exploit/Penetration Testing - A combination of the first two services. Tests your site at the code level and server level for every possible vulnerability we are able to test for. The fee for this service is 5 BTC.

Before we can do anything I need a few things from you:

First and most important I need verification that you are authorized to give me permission for pen-testing. Please create a page on your site, it doesn't have to be fancy, with some text along the lines of "I authorize c4n10 to do penetration testing on my website located at http://www.yourwebsitehere.com". Please be sure the text includes that you are giving me permission and please ensure that the site's domain is mentioned as well.

Please ensure that this page is hosted on the site's domain.

If you require only code-level testing you may skip the next paragraph:
If a third-party is hosting your site's content, I will need you to contact them to get permission and schedule a time for the testing. Please schedule at least 24 hours for testing.
This is only necessary for server-level and comprehensive exploit/penetration testing.

Payment:

You pay 25% up front and the remaining balance when we are done testing your site AND you are satisfied that your site is secure against vulnerabilities.

Should you suffer an attack after our testing and the attack is successful, we will investigate the attack, assist in locating the attacker if possible and help you to fix the vulnerability free of charge for the life of your website's domain. Should you sell, trade or gift the domain to someone else, the guarantee stays with the domain and is transferred to the new owner.

If you have any questions, comments or concerns, please feel free to let me know.
Hi,

Could you tell me a bit about your skills? I'm not saying this specially to you, but I've dealt with people who offer pentesting services they learned from watching hackthissite walkthroughs...
c4n10
Sr. Member
****
Offline Offline

Activity: 294



View Profile
January 02, 2013, 11:09:41 AM
 #4

Could you tell me a bit about your skills? I'm not saying this specially to you, but I've dealt with people who offer pentesting services they learned from watching hackthissite walkthroughs...

There's really nothing wrong with learning to hack at HTS, I myself am a registered member there. It's a safe, legal way to learn valuable skills relative to realistic situations.

As far as my skills personally, I am entirely self-taught. I started with my first Apple pc when I was in 3rd grade, I wrote my first program in QBasic and I have owned more than one Tandy in my lifetime.

I am a member of the Legion of Ethical Hackers, have been for over 13 years.

I am skilled with nmap, ettercap, metasploit, wireshark, Hydra, Aircrack-ng, RFMON, Cain and Abel, John the Ripper and many other common and less common tools and I run all of my tools through proxychains and Tor.

occulta
Full Member
***
Offline Offline

Activity: 187



View Profile
January 06, 2013, 02:06:42 PM
 #5

Could you tell me a bit about your skills? I'm not saying this specially to you, but I've dealt with people who offer pentesting services they learned from watching hackthissite walkthroughs...

There's really nothing wrong with learning to hack at HTS, I myself am a registered member there. It's a safe, legal way to learn valuable skills relative to realistic situations.

As far as my skills personally, I am entirely self-taught. I started with my first Apple pc when I was in 3rd grade, I wrote my first program in QBasic and I have owned more than one Tandy in my lifetime.

I am a member of the Legion of Ethical Hackers, have been for over 13 years.

I am skilled with nmap, ettercap, metasploit, wireshark, Hydra, Aircrack-ng, RFMON, Cain and Abel, John the Ripper and many other common and less common tools and I run all of my tools through proxychains and Tor.

How do you use Aircrack-ng for server and code level testing?

I would love to know about CSS code injection, unless you are referring to cross-site scripting which you mentioned again in the same sentance.

Also can you explain the relevance of chaining through tor with proxychains if you are sort out NDA's
thanks

GPG KeyID: F5A703CC74E46E5D
c4n10
Sr. Member
****
Offline Offline

Activity: 294



View Profile
January 06, 2013, 09:28:03 PM
 #6

How do you use Aircrack-ng for server and code level testing?

I don't. I really only mentioned aircrack-ng because TradeFortress was asking about my "skills" and it is a tool that I am proficient with. It relates to pentesting no more than what me writing my first program in QBasic or having owned a Tandy does.

I would love to know about CSS code injection, unless you are referring to cross-site scripting which you mentioned again in the same sentance.

CSS (Cascading Style Sheets) code injection is essentially HTML injection but deals specifically with style elements and can be used in many places where other types of scripting are being filtered.

CSS injection can be a valuable part of XSS (cross-site scripting) but should not be confused as actually BEING XSS.

XSS is an injection classification composed of different methods whereas CSS injection is a method which can be used to commit XSS.

If you have a genuine interest in learning XSS (and are not just trolling me as I suspect you to be) there are MANY resources available for reference and review, I recommend searching for them.
.
Also can you explain the relevance of chaining through tor with proxychains if you are sort out NDA's
thanks

I'm afraid I don't know what you mean by "if you are sort out NDA's" but the significance of running your programs through proxychains is that there are countless programs valuable to hacking which do not offer the ability to route through your proxy, proxychains captures all tcp activity across your network adapter and routes it through your proxy whether it's parent program is configured to use the proxy or not.

This is not important to pentesting either as when I am pentesting I have permission to "access" the site/server but I still like to use proxychains when testing to keep myself in good practice.
CIYAM
Legendary
*
Offline Offline

Activity: 1862


Ian Knowles - CIYAM Lead Developer


View Profile WWW
January 09, 2013, 02:12:06 PM
 #7

I would just like to to say that I have paid 5 BTC (txid 5728734a6c577dc479e6b4a0693745e7d53836f2ea99481dde6326ae0f4ddf07) for this service and I think he has done a pretty straight up job.

Although my understanding of security is pretty good it is always helpful to get a good analysis of your server to make sure you haven't made any stupid mistakes.

Thanks for a good service Steven!

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
c4n10
Sr. Member
****
Offline Offline

Activity: 294



View Profile
January 09, 2013, 02:13:29 PM
 #8

I would just like to to say that I have paid 5 BTC (txid 5728734a6c577dc479e6b4a0693745e7d53836f2ea99481dde6326ae0f4ddf07) for this service and I think he has done a pretty straight up job.

Although my understanding of security is pretty good it is always helpful to get a good analysis of your server to make sure you haven't made any stupid mistakes.

Thank you for the feedback!!! Greatly appreciated!!!
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!