Security Basics mailing list archives
Re: which is next step after using tools in penetration testing?
From: Serg B <sergeslists () gmail com>
Date: Wed, 4 Mar 2009 09:29:07 +1100
Hi Why would you want to exploit something that you know can be exploited (or at least there are better than average chances that it can be)? It's a waste of your time and your client's money. You have proven that the vulnerability or at least a potential vulnerability exists. At this point in time the client is going to go through the report and attempt to check the version numbers/code/etc in order to start the remediation process... So in my opinion exploitation is not a step in the right direction, unless of course you have been instructed to demonstrate a working exploit. Instead, perhaps, suggest how they could solve the problem. Serg On Wed, Mar 4, 2009 at 2:58 AM, <praveen_recker () sify com> wrote:
Hi Manoj, After the Penetration Testing is done u'll have good amount of data, vulnerability names, CVE's, BID's etc which come under Vulnerability Correlation. Based upon the information available (mentioned above) for Vulnerability, you can google for various exploits. For specific sites u can go through Metasploit, milw0rm etc which are free. You can use commercial tools like CoreImpact, Canvas, BreakingPoint etc which are loaded with commercial exploits. On the other hand if u r good at perl/python scripting and able to understand the Vulnerability u can write your own exploits. Developing exploits using C/C++ is time consuming. Best Regards, Praveen Darshanam, Security Researcher, INDIA
Current thread:
- Re: which is next step after using tools in penetration testing? m . amit30 (Mar 02)
- RE: which is next step after using tools in penetration testing? Rafael Torrales Levaggi (Mar 03)
- Re: which is next step after using tools in penetration testing? Abhishek Kumar (Mar 03)
- <Possible follow-ups>
- Re: which is next step after using tools in penetration testing? praveen_recker (Mar 03)
- Re: which is next step after using tools in penetration testing? Serg B (Mar 03)
- Re: which is next step after using tools in penetration testing? Vivek P (Mar 04)
- Re: which is next step after using tools in penetration testing? Meenal Mukadam (Mar 04)
- Re: which is next step after using tools in penetration testing? rohnskii (Mar 05)
- Re: Re: which is next step after using tools in penetration testing? dan . crowley (Mar 05)