Metasploit mailing list archives

Pen-Testing and Metasploit Question

From: mmo at remote-exploit.org (max)
Date: Tue, 21 Apr 2009 10:06:06 +0200

Hi there,

as you all know i don't post that much to this list but this is getting
me out of the cave.

Because we do backtrack since years, we hear those questions over and
over again.

No, pentesting is not about tools. It's bout the same when you would say
painting is about Brushes.

Maybe one can get away with core/msf etc etc but hey.. this is the
boring part of the job.

Nothing is better then being hired for reviewing something new, which is
not in the toolset.

All the great tools are coming out of a need by people doing their
work/fun. Pentesting is more about apply your knowhow in creative ways,
which is a definition of art&passion.

Don't get pissed off, we all started somewhere, but believe me its
best to a) read and learn as much as you can b)take a target you like
to learn about and take it apart.

Hope those cents helped a bit. Stop talking about the tool itself...its
the brain doing the work.

max




chuks Jonia wrote:

The most important thing is practice,  to understand how you can
pentest different platforms and networks. And also bypassing of IDSs
and IPS system. Maybe you have a good background in networking,
administration and development which adds an advantage, but this field
may need alot of work and patience to make it.

On Mon, Apr 20, 2009 at 2:11 AM, Professor 0110 <professor0110 at gmail.com> wrote:

Hi everyone,
I'm hoping to officially break into the Penetration Testing/Ethical
Hacking/Information Security sector within the next couple of years. I was
wondering if just having the Metasploit Framework for exploitation would be
enough in a Pen Testing situation - along with Port Scanners, Vulnerability
Scanners, and Back-Track of course. :)
The reason I ask is that Metasploit doesn't cover every single remote
exploit, and to compile an exploit off places such as Milw0rm can be time
consuming and inefficient in a Pen testing situation. Especially if the
source code is broken and needs tweaking/rewriting to compile properly.
Thanks. :)
Professor 0110
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

Current thread:

Pen-Testing and Metasploit Question Professor 0110 (Apr 19)
- Pen-Testing and Metasploit Question chuks Jonia (Apr 19)
  - Pen-Testing and Metasploit Question max (Apr 21)
    - Pen-Testing and Metasploit Question Ronald L. Rosson Jr. (Apr 21)
- Pen-Testing and Metasploit Question rogue (Apr 20)
  - Pen-Testing and Metasploit Question chuks Jonia (Apr 20)
- Message not available
  - Pen-Testing and Metasploit Question Professor 0110 (Apr 21)
    - Pen-Testing and Metasploit Question MaXe (Apr 22)
- Pen-Testing and Metasploit Question Simon Taplin (Apr 22)
  - Pen-Testing and Metasploit Question pandini pandini (Apr 23)
    - Pen-Testing and Metasploit Question Kevin Beaver (Apr 23)
    - Pen-Testing and Metasploit Question Ben Nell (Apr 23)
    - Pen-Testing and Metasploit Question pandini pandini (Apr 29)

(Thread continues...)