PaulDotCom mailing list archives
Re: Testing exploits
From: Mike Patterson <mike () snowcrash ca>
Date: Tue, 18 Jan 2011 13:11:09 -0500
To put Zate's final paragraph in different words:

Your sysadmins need to know what data is on the systems you pop. Your CTO needs to understand the effect a compromise of that data might have on the rest of the business. You need to suggest fixes that don't involve "you need to escalate priority on all of them to highest now," since that's almost certain to happen.

Succinctly, if you don't have data classification and what boxes are allowed to store which levels, you're in trouble already. But if you're in that situation, you can use this experiment to force such an examination, assuming your SAs don't just say "we're too busy fixing all the problems you've already pointed out, get stuffed."

Mike

On 2011/01/18 11:34 AM, Zate Berg wrote:
If the CTO is requesting it then you are over a major hurdle already, getting management to understand what it means when you can pop a box easily and allowing you to test like this.

I have had luck with taking Nessus scans and trying to exploit weaknesses with Metasploit to prove a point. I have also had success with just filtering Nessus output on "exploitable" vulnerabilities (can do that in filters in the web client). Nessus will show you in the results vulnerabilities that have confirmed exploits in metasploit/canvas/core.

I think the key here is presenting your findings in a format that says more than "ha we got shell". Being able to frame up exactly what the impact to the business of that particular system getting compromised is. Does it hold important data? Is it a trusted system with access to other more important systems? The context of what you have compromised is really important.

Good luck.

Zate

On Mon, Jan 17, 2011 at 11:16 PM, Steve <spassino () mac com> wrote:

I am curious to everyone's opinion on the following ...

We have a small group of servers in our environment that run out of date operating systems, primarily Windows 2000 and Red Hat 3. We are doing the dance with business teams, migration is happening but slow. Our CTO has asked the security team to begin testing exploit code against these servers - a successful exploit would move that server up the priority list of getting it migrated off onto a supported operating system. Our tests only hit non-production servers so production is not impacted.

Does anyone else have a similar process or tried something similar and was it successful?
--Steve

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
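
The "exploitable" filter and the data-classification point from the thread, combined as an added example that is not from any poster here: it reads a Nessus v2 export, keeps findings flagged as having an exploit, and orders hosts for migration with unclassified hosts first. The sample report, host names and the LEVELS inventory are constructed, and the element names are assumed to match the .nessus export layout.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the assumed Nessus v2 export layout; hosts and findings are made up.
SAMPLE = """<NessusClientData_v2><Report name="legacy">
<ReportHost name="w2k-test01">
 <ReportItem port="445" severity="4" pluginID="0" pluginName="Constructed SMB finding">
  <exploit_available>true</exploit_available>
  <exploit_framework_metasploit>true</exploit_framework_metasploit></ReportItem>
 <ReportItem port="80" severity="2" pluginID="0" pluginName="Constructed banner finding">
  <exploit_available>false</exploit_available></ReportItem>
</ReportHost>
<ReportHost name="rh3-test02">
 <ReportItem port="22" severity="3" pluginID="0" pluginName="Constructed SSH finding">
  <exploit_available>true</exploit_available>
  <exploit_framework_canvas>true</exploit_framework_canvas>
  <exploit_framework_core>true</exploit_framework_core></ReportItem>
</ReportHost>
<ReportHost name="w2k-test03">
 <ReportItem port="135" severity="3" pluginID="0" pluginName="Constructed RPC finding">
  <exploit_available>true</exploit_available></ReportItem>
</ReportHost>
</Report></NessusClientData_v2>"""

# Hypothetical data-classification inventory: host -> level (higher = more sensitive data).
LEVELS = {"w2k-test01": 1, "rh3-test02": 3}
FRAMEWORKS = ("metasploit", "canvas", "core")

def exploitable_findings(xml_text):
    """Return {host: [(port, plugin name, [frameworks])]} for findings with a known exploit."""
    out = {}
    for host in ET.fromstring(xml_text).iter("ReportHost"):
        for item in host.iter("ReportItem"):
            if (item.findtext("exploit_available") or "").strip().lower() != "true":
                continue
            fw = [f for f in FRAMEWORKS
                  if (item.findtext("exploit_framework_" + f) or "").strip().lower() == "true"]
            out.setdefault(host.get("name"), []).append(
                (int(item.get("port")), item.get("pluginName"), fw))
    return out

def migration_order(xml_text, levels):
    """Hosts with exploitable findings: unclassified first, then highest level, then count."""
    found = exploitable_findings(xml_text)
    rank = lambda h: (h in levels, -levels.get(h, 0), -len(found[h]))
    return [(h, levels.get(h), found[h]) for h in sorted(found, key=rank)]

if __name__ == "__main__":
    for host, level, items in migration_order(SAMPLE, LEVELS):
        print(host, "| level:", level if level is not None else "UNCLASSIFIED", "|", items)
```

A host that sorts first with level None is one nobody has classified, which is the gap to close before arguing about its place in the migration queue.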
Current thread:
- Testing exploits Steve (Jan 18)
- Re: Testing exploits Zate Berg (Jan 18)
- Re: Testing exploits Mike Patterson (Jan 18)
- Re: Testing exploits Zate Berg (Jan 18)