Security Basics mailing list archives
Re: Pen-Testing New Server - Where to start?
From: "crazy frog crazy frog" <i.m.crazy.frog () gmail com>
Date: Wed, 14 Nov 2007 14:43:25 +0530
HI, there is a framework for penetration testing.which you can get at http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html read it and follow the steps. REgards, On Nov 14, 2007 2:26 AM, Security <security () gridrunners com> wrote:
Hi, I'm new to the InfoSec industry and would like to try my hand at penetration-testing (and securing) a new server I've set up at home. Seeing as I've set up the system, I know all the usernames/passwords used on the box, as well as how everything is set up, but I'd like to approach this as an outside user, pretending that I have none of this information. I want to try to gather information, form an attack plan, and attempt to crack the system from scratch, so that I can later on go back and secure the system against those attacks. Here's the information I can assume I'd know, from basic enumeration: The server is running Ubuntu v6.06, with the following services: ftp http (apache) smtp pop3 irc (hybrid) ssh When setting up the system, I followed the following tutorial (almost to a T... though I did a few things different): http://www.howtoforge.com/perfect_setup_ubuntu_6.06 Since the system is on my local network, I know there's only one IP I've got to worry about, and this is the only target machine. Any ideas where I should start? What information might help? Thanks. ~Xor
-- advertise on secgeeks? http://secgeeks.com/Advertising_on_Secgeeks.com http://newskicks.com
Current thread:
- Pen-Testing New Server - Where to start? Security (Nov 13)
- Re: Pen-Testing New Server - Where to start? Serg B (Nov 14)
- Re: Pen-Testing New Server - Where to start? Security (Nov 14)
- Re: Pen-Testing New Server - Where to start? Serg B (Nov 14)
- Re: Pen-Testing New Server - Where to start? Security (Nov 14)
- Re: Pen-Testing New Server - Where to start? crazy frog crazy frog (Nov 14)
- <Possible follow-ups>
- Re: Pen-Testing New Server - Where to start? theosdguy (Nov 14)
- Re: Pen-Testing New Server - Where to start? none (Nov 14)
- Re: Pen-Testing New Server - Where to start? rohnskii (Nov 14)
- Re: Re: Pen-Testing New Server - Where to start? adrian-lazar (Nov 14)
- Re: Pen-Testing New Server - Where to start? krymson (Nov 16)
- Re: Pen-Testing New Server - Where to start? Serg B (Nov 14)