I got dinged on an external penetration test against one of my web servers last week. It was deemed a low priority, but it needed to be fixed. It seems that it was rather easy to get the internal IP address of the server: Well oops! (nc = netcat in the illustration above) It’s actually …

Continue reading »