|By David Dodd||
|January 9, 2012 04:00 AM EST||
The purpose of this article is to describe some tools and techniques in performing the planning, scoping, and recon portion of a penetration test. In covering these tools and techniques the reader will learn how to use them to find vulnerabilities in their organization and help improve security posture. Some other names for this first phase of penetration testing are; OSINT (Open Source Intelligence), Footprinting, Discovery, and Cyberstalking.
During reconnaissance we'll gather information from public sources to learn about the target and try to find what is important to the target. How they do business, technical infrastructure, architecture, products, and configuration information. These actions may seem harmless at the time and may be overlooked by security administrators as "network noise", but don't count on it. A target with well funded resources may have people looking for such attacks knowing they can lead to subsequent access or DoS attacks. Social Engineering, which is the act of manipulating people into performing actions in divulging confidential information or to trick people to do things that are beneficial to the user, may become prevalent at this stage. But if pulled off successfully the target may not know till its too late. A disgruntled employee may have knowledge of your network infrastructure, user names & passwords, and web vulnerabilities. As a CIO you want to keep attackers from finding this information and using it against you.
nslookup maps domain names to IP addresses
(usage) $ nslookup pbnetworks.net
Dig is a service to look up information in the DNS (query a specific DNS server)
(usage) $ dig pbnetworks.net any
; <<>> DiG 9.7.3-P3 <<>> pbnetworks.net any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50342
;; flags: qr rd ra; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;pbnetworks.net. IN ANY
;; ANSWER SECTION:
pbnetworks.net. 3600 IN SOA dns1.name-services.com. info.name-services.com. 2002050701 10001 1801 604801 181
pbnetworks.net. 3600 IN A 220.127.116.11
pbnetworks.net. 3600 IN MX 10 mxin.name-services.com.
pbnetworks.net. 3600 IN NS dns3.name-services.com.
pbnetworks.net. 3600 IN NS dns1.name-services.com.
pbnetworks.net. 3600 IN NS dns2.name-services.com.
pbnetworks.net. 3600 IN NS dns5.name-services.com.
pbnetworks.net. 3600 IN NS dns4.name-services.com.
;; Query time: 83 msec
;; SERVER: 18.104.22.168#53(22.214.171.124)
;; WHEN: Wed Jul 27 15:24:20 2011
;; MSG SIZE rcvd: 222
whois look up and find Internet domain registration data
(usage) $ whois pbnetworks.net
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Domain Name: PBNETWORKS.NET
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Name Server: DNS1.NAME-SERVICES.COM
Name Server: DNS2.NAME-SERVICES.COM
Name Server: DNS3.NAME-SERVICES.COM
Name Server: DNS4.NAME-SERVICES.COM
Name Server: DNS5.NAME-SERVICES.COM
Updated Date: 23-jan-2009
Creation Date: 09-oct-2000
Expiration Date: 09-oct-2012
zonetransfer mechanism for replicating DNS data across DNS servers
(usage) $ dig pbnetworks.net axfr
; <<>> DiG 9.7.3-P3 <<>> pbnetworks.net axfr
;; global options: +cmd
;; connection timed out; no servers could be reached
NOTE: This command requires a zone transfer which the server may disallow.
dnsrecon standard record enumeration for a given domain available by darkoperator
(usage) # ./dnsrecon.rb -t std -d packetstormsecurity.org
fierce queries DNS server of target and attemps to dump the SOA records
(usage) $ ./fierce.pl -dns <target> -wide -file output.txt
This is interesting to run on a larger organizations that have vast networks.
nmap -sL perform a reverse DNS lookup on every IP address in the scan & send over the network and query the DNS server each time an IP address is listed.
(usage) # nmap -sL -oG - -iR 4
traceroute sends packets to destination by increasing the TTL value of each successive set of packets sent. Unix-like systems use UDP by default (Layer 4) & Windows (Layer 3) uses ICMP.
(usage) tracert pbnetworks.net (Windows) traceroute pbnetworks.net (UNIX)
The above DNS tools will likely identify numerous systems that are directly and indirectly associated with the target. You may identify many systems that are out of scope of your initial target and you must verify their inclusion in or exclusion from your target scope. When querying DNS servers you get some interesting information indicating which machines are mail servers, intranet, etc. Here is a list of DNS record types:
NS: Nameserver record
A: Address record
HINFO: Host Information record
MX: Mail Exchange record
TXT: Text record
CNAME: Canonical Name record
SOA: Start of Authority record
RP: Responsible Person record
PTR: Point of inverse lookups record
SRV: Service location record
Two great tools that are useful for enumerating targets thru DNS service are dnsrecon & fierce. Dnsrecon written by Carlos Perez provides different methods for enumerating targets such as query for SOA, top level domain, perform zone transfer, reverse record lookup, service record enumeration, and bruteforce subdomain and host records with wordlist. Fierce written by RSnake queries your DNS for DNS servers of the target. If it finds anything it will scan up and down looking for anything else with the same domain name in it using reverse lookups. There is a search option that allows you to find non-related domain names (Figure #1) $ ./fierce.pl -dns <target> -search searchoption1,searchoption2 (Where searchoption1 & 2 are different names that the target goes by such as acme.com and acmecompany.com) Fierce has wordlist support so that you can supply your own dictionary using the -wordlist key (Figure #2) $ ./fierce.pl -dns <target> -wordlist dicfile.txt -file target.txt. This was helpful with the site listed since I don't read Korean.
Information tools on the Internet
Instead of using built-in tools like traceroute, dig, etc you can use various websites that resolve domain names. The list below offers a variety of free services in simple web form which you can type information and get responses. Some sites offer more for an additional monthly or annual fee such as better performance, unlimited searches etc.
Whois, traceroute, IP information and more
Find Ip Tools, DNS tools, internet tools, whois, traceroute, ping, domain name tools and more
Find Ip Tools, DNS tools, internet tools, whois, traceroute, ping, domain name tools and more
Domain-based research services
Public Information regarding Internet Domain name registration services
The Internet Assigned Numbers Authority (IANA) is responsible for the global coordination of the DNS Root, IP addressing, and other Internet protocol resources.
Europe, Middle East, Central Asia
Asia and Pacific region
Latin America and Caribbean
Providing research data and analysis on many aspects of the Internet.
Searching for metadata
Metadata is data about data that resides on documents such as e-mail, spreadsheet, or other electronic document. This type of information became popular when it was used to catch the 30-year-old case involving the Wichita, Kansas BTK killer. Metadata is information about a document such as who created a file, the date it was crated and when it was last modified. The amount of metadata depends on the properties of the file type (Microsoft, Open Office, etc). We can use a tool to help us find this metadata off websites we are doing research on called metagoofil. Metagoofil is an information gathering tool designed for extracting metadata off public documents (pdf, doc, xls, ppt, odp, ods) available in the target websites. To install metagoofil on Ubuntu you will need libextractor installed on your distribution using the apt-get cmd: $ sudo apt-get install libextractor-plugins extract.
Next edit the metagoofil.py file and have the extcommand read as: extcommand='/usr/bin/extract'. The metagoofil.py file is executable but on some systems you may not be able to issue a $ ./metagoofil.py and will be required to issue $ python metagoofil.py. Once it is up and running you will see the metagoofil options and how it is used. You can issue the following commands to search a website for useful documents (see Figure #3) $ python metagoofil.py -d warnerbros.com -f all -l 50 -o warnerbros.html -t deadfile. The -d specifies the website to search, -f specifies the file type which I selected all, -l specifies the limit the results to 50, -o specifies the output in this case html, and -t specifies the target directory to download the files. Now let's open up a web browser and look at the results of the warnerbros.html file. (see Figure #4 & #5)
Now scroll through the html page and find all the important metadata from each file that was found during the scan. At the end of the document is a list of total authors found (potential users) along with path disclosure (see Figure #5).
Searching for email accounts, user accounts, and host names
A valuable tool for social engineering and intelligence gathering is theHarvester which will get e-mail accounts, user names and hostnames/subdomins from different public sources like search engines and PGP key servers. The sources supported are google, google profiles, bing, pgp, linkedin, and exalead, new features were added as of 03/04/2011 with the release of version 2.0 which include time delays between requests, XML results export, search a domain in all sources, and virtual host verifier. To issue a search use the following syntax: ./theHarvester.py -l 100 -b all -d target.com (see Figure #6)
You can redirect the output to a text file to read later. To utilize the bing feature you will need an API key otherwise you will get an error by issuing the all command. Open up vi or your favorite editor and edit the file ~/theHarvester-ng/discovery/bingsearch.py, look for the line that says: self.bingApi=" and enter your API number" and you are good to go.
Metasploit also has the ability to search for e-mail accounts using the gather option. This option in Metasploit is located in the auxiliary options just type search gather at the msf > prompt. (see Figure #7 & #8)
msf > use gather/search_email_collector
msf > set domain sempra.com
msf > run
This function is useful within metasploit but is not as powerful as using theHarvester. For instance metasploit use of the gather tool does not allow you to search for pgp accounts. It will search for emails in Google, Bing, and Yahoo.
Network Discovery with Paterva's Maltego
Paterva's Maltego is a general-purpose reconnaissance tool that runs on Windows, Linux, and Mac OS X. We will be discussing the version that runs on Linux. It is available in tow versions one community edition which is free and the commercial version. The differences are that the community version has a max of 12 results per transform, runs slower, and no updates till the next major version.
Maltego is built on the concept of transforms, taking one piece of information and performing a lookup to determine another piece of information. Maltego's transform will perform a DNS lookup and find the IP address. Then you can apply another transform to map the IP address to an organization's name via a netblock lookup.
Followed by a whois lookup on the org name and determine their public PGP key. Next you can map that key to the names of people who have signed the key to get names of more people. The issue that presents itself once you start this search is the vast amounts of information that is available. It is difficult for the human brain to see obscure links between seemingly unrelated data. It is easy to see commonalities between pieces of information when displayed graphically. This tool can graphically display the links between pieces of data.
- Groups of people (social networks)
- Web sites
Internet infrastructure such as:
- DNS names
- IP addresses
- Documents and files
To create a new graph use either the ctrl + T keyboard command or click on the (+) button next to the application icon. Once the graph is available you can add entities and run transforms to change those entities. The palette is available once you click on the manage tab and see it listed under windows which contains a default collection of entities.(see Figure #9) The palette is where you will find all the Maltego concepts (listed above) that you can drag onto the graph and edit then run transforms on.
Select a node from the palette and drag it onto the graph, to edit the value double click on the text. Left click on the node you want to select (should see a rectangle appear around it in yellow) and you will be give a list of transforms to run. All the transforms can be displayed and a selection made by clicking on a transform name. Transforms can also be grouped logically by the user into sets. At the top is the Maltego application button that provides access to additional functionality and resources. Maltego can easily load and save graphs that are saved with an .mtgx extension.
When you right click on the entity and get a list of transforms available you can choose any one of the associated transforms or apply all by choosing “All” transforms. This will take some time to complete and generate a lot of traffic. The info pulled back from various public sources is displayed hierarchically related to your initial data point and can be viewed several ways. (see Figure #10 & #11)
Shodan add-on for Maltego which requires Maltego version 3+ and a Shodan API key. This gives you 6 transforms; searchShodan, searchExploitDB, searchMetasploit, getHostProfile, searchShodanDomain, searchShodanNetblock. (see Figure #12)
SHODAN is a search engine that lets you find specific computers (router, servers, etc) using a variety of filters. The bulk of data is taken from 'banners', which are meta-data the server sends back to the client. This is information about the server software, what options the service supports, banner message or anything else that the client would like to know before interacting with the server. You can enter into your search input box the following: SCADA city:"San Diego" country:US and this will return SCADA systems that are running in San Diego. This can be very helpful in doing penetration tests for public utilities.
Useful Google Search Directives
Google is a useful tool you can use to find vulnerable systems in your target environments. At this years BlackHat Las Vegas 2011 conference researchers warn that "You can do a Google search with your Web browser and start operating [circuit] breakers, potentially,"Building, attacking and defending SCADA systems in the Age of Stuxnet." Among the results was one referencing a "RTU pump status" for a Remote terminal Unit, like those used in water treatment plants and pipelines, that appeared to be connected to the Internet. The result also included a password - "1234."
There are many search directives that you can use such as site, link, intitle, inurl, and the all directive. The "site:" directive allows an attacker to search for pages on just a single site or domain, narrowing down and focusing the search. The "link:" directive shows sites that link to a given web site. The "intitle:" allows you to search within a title text. The 'inurl:" directive lets us search for specific terms to be included in the URL of a given site. The "all" search directives that indicate we want pages only with all of the terms we use to search such as "allintext:", "allintitle:", and "allinurl:". There is a good book on the subject by Syngress called Google Hacking for Penetration Testers volume 2. A very good source to find many different search options is the GHDB hosted by Hackers for Charity a group that I do volunteer work for. There are a number of items to search for such as:
Advisories and Vulnerabilities (215 entries)
These searches locate vulnerable servers. These searches are often generated from various security advisory posts, and in many cases are product or version-specific.
Error Messages (68 entries)
Really retarded error messages that say WAY too much!
Files containing juicy info (230 entries)
No usernames or passwords, but interesting stuff none the less.
Files containing passwords (135 entries)
PASSWORDS, for the LOVE OF GOD!!! Google found PASSWORDS!
Files containing usernames (15 entries)
These files contain usernames, but no passwords... Still, google finding usernames on a web site..
Footholds (21 entries)
Examples of queries that can help a hacker gain a foothold into a web server
Pages containing login portals (232 entries)
These are login pages for various services. Front door of a website's more sensitive functions.
Pages containing network or vulnerability data (59 entries)
These pages contain such things as firewall logs, honeypot logs, network information, IDS logs
sensitive Directories (61 entries)
Google's collection of web sites sharing sensitive directories files contained sensitive to uber-secret!
sensitive Online Shopping Info (9 entries)
Examples of queries that can reveal online shopping info like customer data, suppliers, creditcard #'s
Various Online Devices (201 entries)
This category contains things like printers, video cameras, and all sorts of cool things found on the web
Vulnerable Files (57 entries)
HUNDREDS of vulnerable files that Google can find on websites...
Vulnerable Servers (48 entries)
These searches reveal servers with specific vulnerabilities. These are found in a different way than the searches found in the "Vulnerable Files" section.
Web Server Detection (72 entries)
These links demonstrate Google's awesome ability to profile web servers..
You can use many of the search terms above to search for a specific site you are doing reconnaissance on. A couple of other tools that implement many of the search terms contained in the GHDB are SiteDigger, Wikto, and Gooscan. SiteDigger runs on windows and generates its searches from a user-provided domain and the contents of either the GHDB or Foundstone's own FSDB of Google searches to find flawed systems. SiteDigger is now maintained by McAfee. Wikto performs Google searches using the GHDB against one or more user provided domains and runs on windows. Wikto provides several features, including a scan of the target webs servers looking for well-known vulnerable scripts. Gooscan runs on Linux and does not require a Google API key. It formulates queries for Google's regular human interface web page, and scrapes the results it gets back. The use of this tool could violate Google's terms of service.
The information in this article will be useful in preparing for your penetration test engagements. The reconnaissance phase used in many penetration tests and ethical hacking projects purpose is to gather information that will act as a firm foundation that testers will leverage for the remainder of the testing project.
SYS-CON Events announced today that Commvault, a global leader in enterprise data protection and information management, has been named “Bronze Sponsor” of SYS-CON's 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Commvault is a leading provider of data protection and information management solutions, helping companies worldwide activate their data to drive more value and business insight and to transform moder...
Sep. 26, 2016 11:30 AM EDT Reads: 2,547
There is little doubt that Big Data solutions will have an increasing role in the Enterprise IT mainstream over time. Big Data at Cloud Expo - to be held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA - has announced its Call for Papers is open. Cloud computing is being adopted in one form or another by 94% of enterprises today. Tens of billions of new devices are being connected to The Internet of Things. And Big Data is driving this bus. An exponential increase is...
Sep. 26, 2016 11:30 AM EDT Reads: 2,528
Fifty billion connected devices and still no winning protocols standards. HTTP, WebSockets, MQTT, and CoAP seem to be leading in the IoT protocol race at the moment but many more protocols are getting introduced on a regular basis. Each protocol has its pros and cons depending on the nature of the communications. Does there really need to be only one protocol to rule them all? Of course not. In his session at @ThingsExpo, Chris Matthieu, co-founder and CTO of Octoblu, walk you through how Oct...
Sep. 26, 2016 11:30 AM EDT Reads: 1,925
The Transparent Cloud-computing Consortium (abbreviation: T-Cloud Consortium) will conduct research activities into changes in the computing model as a result of collaboration between "device" and "cloud" and the creation of new value and markets through organic data processing High speed and high quality networks, and dramatic improvements in computer processing capabilities, have greatly changed the nature of applications and made the storing and processing of data on the network commonplace.
Sep. 26, 2016 11:30 AM EDT Reads: 981
SYS-CON Events announced today that China Unicom will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. China United Network Communications Group Co. Ltd ("China Unicom") was officially established in 2009 on the basis of the merger of former China Netcom and former China Unicom. China Unicom mainly operates a full range of telecommunications services including mobile broadband (GSM, WCDMA, LTE F...
Sep. 26, 2016 11:15 AM EDT Reads: 1,725
SYS-CON Events announced today the Enterprise IoT Bootcamp, being held November 1-2, 2016, in conjunction with 19th Cloud Expo | @ThingsExpo at the Santa Clara Convention Center in Santa Clara, CA. Combined with real-world scenarios and use cases, the Enterprise IoT Bootcamp is not just based on presentations but with hands-on demos and detailed walkthroughs. We will introduce you to a variety of real world use cases prototyped using Arduino, Raspberry Pi, BeagleBone, Spark, and Intel Edison. Y...
Sep. 26, 2016 11:15 AM EDT Reads: 2,858
Major trends and emerging technologies – from virtual reality and IoT, to Big Data and algorithms – are helping organizations innovate in the digital era. However, to create real business value, IT must think beyond the ‘what’ of digital transformation to the ‘how’ to harness emerging trends, innovation and disruption. Architecture is the key that underpins and ties all these efforts together. In the digital age, it’s important to invest in architecture, extend the enterprise footprint to the cl...
Sep. 26, 2016 11:06 AM EDT
Video experiences should be unique and exciting! But that doesn’t mean you need to patch all the pieces yourself. Users demand rich and engaging experiences and new ways to connect with you. But creating robust video applications at scale can be complicated, time-consuming and expensive. In his session at @ThingsExpo, Zohar Babin, Vice President of Platform, Ecosystem and Community at Kaltura, will discuss how VPaaS enables you to move fast, creating scalable video experiences that reach your...
Sep. 26, 2016 11:00 AM EDT Reads: 984
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, provided an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life sett...
Sep. 26, 2016 10:45 AM EDT Reads: 3,218
DevOps at Cloud Expo, taking place Nov 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 19th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long dev...
Sep. 26, 2016 10:45 AM EDT Reads: 3,405
SYS-CON Events announced today that SoftLayer, an IBM Company, has been named “Gold Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. SoftLayer, an IBM Company, provides cloud infrastructure as a service from a growing number of data centers and network points of presence around the world. SoftLayer’s customers range from Web startups to global enterprises.
Sep. 26, 2016 10:30 AM EDT Reads: 889
SYS-CON Events announced today that Bsquare has been named “Silver Sponsor” of SYS-CON's @ThingsExpo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. For more than two decades, Bsquare has helped its customers extract business value from a broad array of physical assets by making them intelligent, connecting them, and using the data they generate to optimize business processes.
Sep. 26, 2016 10:00 AM EDT Reads: 2,678
SYS-CON Events announced today that ReadyTalk, a leading provider of online conferencing and webinar services, has been named Vendor Presentation Sponsor at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. ReadyTalk delivers audio and web conferencing services that inspire collaboration and enable the Future of Work for today’s increasingly digital and mobile workforce. By combining intuitive, innovative tec...
Sep. 26, 2016 10:00 AM EDT Reads: 2,757
Big Data has been changing the world. IoT fuels the further transformation recently. How are Big Data and IoT related? In his session at @BigDataExpo, Tony Shan, a renowned visionary and thought leader, will explore the interplay of Big Data and IoT. He will anatomize Big Data and IoT separately in terms of what, which, why, where, when, who, how and how much. He will then analyze the relationship between IoT and Big Data, specifically the drilldown of how the 4Vs of Big Data (Volume, Variety,...
Sep. 26, 2016 10:00 AM EDT Reads: 1,002
Cognitive Computing is becoming the foundation for a new generation of solutions that have the potential to transform business. Unlike traditional approaches to building solutions, a cognitive computing approach allows the data to help determine the way applications are designed. This contrasts with conventional software development that begins with defining logic based on the current way a business operates. In her session at 18th Cloud Expo, Judith S. Hurwitz, President and CEO of Hurwitz & ...
Sep. 26, 2016 09:45 AM EDT Reads: 2,840
WebRTC adoption has generated a wave of creative uses of communications and collaboration through websites, sales apps, customer care and business applications. As WebRTC has become more mainstream it has evolved to use cases beyond the original peer-to-peer case, which has led to a repeating requirement for interoperability with existing infrastructures. In his session at @ThingsExpo, Graham Holt, Executive Vice President of Daitan Group, will cover implementation examples that have enabled ea...
Sep. 26, 2016 09:00 AM EDT Reads: 1,525
Vidyo, Inc., has joined the Alliance for Open Media. The Alliance for Open Media is a non-profit organization working to define and develop media technologies that address the need for an open standard for video compression and delivery over the web. As a member of the Alliance, Vidyo will collaborate with industry leaders in pursuit of an open and royalty-free AOMedia Video codec, AV1. Vidyo’s contributions to the organization will bring to bear its long history of expertise in codec technolo...
Sep. 26, 2016 08:15 AM EDT Reads: 2,466
The vision of a connected smart home is becoming reality with the application of integrated wireless technologies in devices and appliances. The use of standardized and TCP/IP networked wireless technologies in line-powered and battery operated sensors and controls has led to the adoption of radios in the 2.4GHz band, including Wi-Fi, BT/BLE and 802.15.4 applied ZigBee and Thread. This is driving the need for robust wireless coexistence for multiple radios to ensure throughput performance and th...
Sep. 26, 2016 08:15 AM EDT Reads: 1,544
An IoT product’s log files speak volumes about what’s happening with your products in the field, pinpointing current and potential issues, and enabling you to predict failures and save millions of dollars in inventory. But until recently, no one knew how to listen. In his session at @ThingsExpo, Dan Gettens, Chief Research Officer at OnProcess, will discuss recent research by Massachusetts Institute of Technology and OnProcess Technology, where MIT created a new, breakthrough analytics model f...
Sep. 26, 2016 07:15 AM EDT Reads: 1,905
If you’re responsible for an application that depends on the data or functionality of various IoT endpoints – either sensors or devices – your brand reputation depends on the security, reliability, and compliance of its many integrated parts. If your application fails to deliver the expected business results, your customers and partners won't care if that failure stems from the code you developed or from a component that you integrated. What can you do to ensure that the endpoints work as expect...
Sep. 26, 2016 07:15 AM EDT Reads: 1,605