Re: Pen-Testing New Server - Where to start?

["crazy frog crazy frog" <i.m.crazy.frog () gmail com>]

HI,
there is a framework for penetration testing.which you can get at
http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
read it and follow the steps.
REgards,

On Nov 14, 2007 2:26 AM, Security <security () gridrunners com> wrote:
> Hi, I'm new to the InfoSec industry and would like to try my hand at
> penetration-testing (and securing) a new server I've set up at home.
>
> Seeing as I've set up the system, I know all the usernames/passwords
> used on the box, as well as how everything is set up, but I'd like to
> approach this as an outside user, pretending that I have none of this
> information. I want to try to gather information, form an attack plan,
> and attempt to crack the system from scratch, so that I can later on go
> back and secure the system against those attacks.
>
> Here's the information I can assume I'd know, from basic enumeration:
>
> The server is running Ubuntu v6.06, with the following services:
> ftp
> http (apache)
> smtp
> pop3
> irc (hybrid)
> ssh
>
> When setting up the system, I followed the following tutorial (almost to
> a T... though I did a few things different):
>
> http://www.howtoforge.com/perfect_setup_ubuntu_6.06
>
> Since the system is on my local network, I know there's only one IP I've
> got to worry about, and this is the only target machine.
>
> Any ideas where I should start? What information might help?
>
> Thanks.
>
> ~Xor



-- 
advertise on secgeeks?
http://secgeeks.com/Advertising_on_Secgeeks.com
http://newskicks.com