Penetration Testing mailing list archives
Re: [PEN-TEST] How to "break into" the Pen-Testing field
From: Carric Dooley <carric () COM2USA COM>
Date: Mon, 11 Sep 2000 19:03:37 -0400
- Well... vmware is a great idea but performance pretty much sucks even on a high-end laptop.

- Yes, tools written for both platforms like nmap. On NT it misses 50% or more of the hosts on the network when doing a large scan. I ran scans on a 25,000 node network, and I came up with more than twice as many hosts on nmap using Linux than I did for NT.

- I think the accepted practice is (if you can say that since no two pen-testers will work the same doing the same things):
> gather information
> look for the low-hanging fruit (i.e. easy stuff like telnetting in as root/root)
> look for web servers as these are almost ALWAYS full of holes
> search the sec archives if no easy hacks available
> if all else fails.. social engineering is usually a pretty sure bet

- I think the best tools for network mapping may be the free stuff (used Visio 2K Enterprise... extremely painful). The SolarWinds stuff is nice though. That with nmap, nlog can go a long way. SolarWinds or SuperScanner are extremely fast and can give you a host list to work with. I would maybe go back with those host lists and feed them to ISS Scanner, and nmap. Maybe cybercop or nessus too. Depends on what you are trying to accomplish.

- I provide all of the data to the client (whether you think they can use it or not). There may be someone that can retrace your steps and move forward with what you provide them.

----- Original Message -----
From: "Teicher, Mark" <mark.teicher () NETWORKICE COM>
To: <PEN-TEST () SECURITYFOCUS COM>
Sent: Sunday, September 10, 2000 11:39 PM
Subject: Re: [PEN-TEST] How to "break into" the Pen-Testing field
Has anyone considered utilizing a Red Hat Linux 6.2 box running VMWare for Windows NT??? Instead of having a multi-boot disk or multiple disk packs. It appears that some of these tools are available for both platforms.

One is absolutely correct, it really depends on the type of penetration test one is engaged to conduct. But what really is Industry Best Practices. I know some high end consulting services like to utilize a mixture of commercial and freely available network and host based scanners to give an overall analysis. Then parse through the results to formulate a network and host map. What tool would be used first and what would be the secondary tool to validate any false positives one may discover??? Is there any manual massaging of the data?? Would you turn over the raw data to the customer??
/mark

At 06:17 PM 9/10/00 -0400, Frasnelli, Dan wrote:

What would be the typical tool suite one would use on a Pen Test??

I assume you meant the usual network-based penetration test by that. If you are asked to mess with a client's pbx/vmb, physical security, employees, etc... there are other techniques or hardware involved. Most penetration tests are conducted in two phases: exploration and exploitation. I recommend you tailor a software 'tool suite' with those as guidelines. Depending on your style, organizing tools this way may or may not be efficient. Below are examples biased towards Unix; perhaps an NT person has suggestions for that platform.

Exploration and Analysis
- portscanners: nmap (www.insecure.org)
- sniffers: tcpdump (www.tcpdump.org), ngrep (sourceforge.net/projects/ngrep), dsniff (www.monkey.org/~dugsong/dsniff)
- vuln scanners: vlad (razor.bindview.com/tools/), whisker (sourceforge.net/projects/whisker)
- Samba, nbtscan, l0phtcrack & other tools for windows networks
- the inevitable custom code and scripts

Exploitation
- hunt (www.gncz.cz/kra/index.html)
- misc tools (www.ussrback.com, www.packetfactory.net)
- whatever is current from packetstorm/ussrlabs/bugtraq/etc. for the targets. This category is dynamic and typically contains unreleased exploits, in-house code, etc. It's also the attack phase which causes most 'script kiddies' grief, as it requires a lot of creative tweaking to avoid detection.

A portable computer and disc with various tools compiled for your platform of choice is a good starting point for a network penetration kit.

-dan
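The thread asks which tool goes first, which one validates the first tool's results, and how much "manual massaging" the data needs, and Carric's point that nmap on NT reported less than half the hosts that the same scan on Linux did is exactly the kind of discrepancy that reconciliation catches. The following is an added example written for this page, not code posted by anyone in the thread. It assumes nmap's grepable output format (-oG); the two scan excerpts embedded below are constructed sample data, not real scan output. It parses both scans, reports hosts and open ports that only one scan saw, computes how well the two agree, and emits a merged host list of the kind you would hand to the next scanner.

```python
"""Reconcile host lists from two discovery scans of the same range.

Added example for this thread, not code from any poster. It assumes nmap's
grepable (-oG) output format; the scan text below is constructed sample data.
"""
import re

# "Host: <ip> (<name>)\tStatus: Up" -- emitted for each discovered host
STATUS_RE = re.compile(r"^Host:\s+(\S+)\s+\(.*?\)\s+Status:\s+(\w+)")
# "Host: <ip> (<name>)\tPorts: <port>/<state>/<proto>/<owner>/<svc>/<rpc>/<ver>, ..."
PORTS_RE = re.compile(r"^Host:\s+(\S+)\s+\(.*?\)\s+Ports:\s+(.*?)(?:\t|$)")


def parse_grepable(text):
    """Map each live host IP to the set of open 'port/proto' entries."""
    hosts = {}
    for line in text.splitlines():
        m = STATUS_RE.match(line)
        if m:
            ip, status = m.groups()
            if status == "Up":
                hosts.setdefault(ip, set())
            continue
        m = PORTS_RE.match(line)
        if not m:
            continue  # comment lines and anything else are ignored
        ip, ports = m.groups()
        open_ports = hosts.setdefault(ip, set())  # a port-scanned host is live
        for entry in ports.split(","):
            fields = entry.strip().split("/")
            if len(fields) >= 3 and fields[1] == "open":
                open_ports.add(f"{fields[0]}/{fields[2]}")
    return hosts


def _ip_key(ip):
    """Sort dotted quads numerically rather than lexically."""
    return tuple(int(octet) for octet in ip.split("."))


def reconcile(scan_a, scan_b):
    """Compare two parsed scans: union, one-sided hosts, and per-host port gaps."""
    a, b = set(scan_a), set(scan_b)
    port_gaps = {}
    for ip in a & b:
        if scan_a[ip] != scan_b[ip]:
            port_gaps[ip] = {
                "only_a": sorted(scan_a[ip] - scan_b[ip]),
                "only_b": sorted(scan_b[ip] - scan_a[ip]),
            }
    return {
        "union": sorted(a | b, key=_ip_key),
        "only_a": sorted(a - b, key=_ip_key),
        "only_b": sorted(b - a, key=_ip_key),
        # share of all discovered hosts that both scans saw; a low value means
        # one scanner is dropping hosts, the problem described for nmap on NT
        "agreement": len(a & b) / len(a | b) if a | b else 1.0,
        "port_gaps": port_gaps,
    }


def target_list(reconciled):
    """One IP per line: a merged host list for the next tool (e.g. nmap -iL)."""
    return "\n".join(reconciled["union"]) + "\n"


# Constructed sample scans of the same /24 from two platforms (not real data).
LINUX_SCAN = """# constructed sample: nmap -oG run from Linux
Host: 10.0.0.1 (gw.example.test)\tStatus: Up
Host: 10.0.0.1 (gw.example.test)\tPorts: 22/open/tcp//ssh///, 23/open/tcp//telnet///\tIgnored State: closed (998)
Host: 10.0.0.5 ()\tStatus: Up
Host: 10.0.0.5 ()\tPorts: 80/open/tcp//http///, 139/open/tcp//netbios-ssn///\tIgnored State: closed (998)
Host: 10.0.0.9 ()\tStatus: Up
Host: 10.0.0.9 ()\tPorts: 25/filtered/tcp//smtp///\tIgnored State: closed (999)
"""
NT_SCAN = """# constructed sample: nmap -oG run from NT
Host: 10.0.0.1 (gw.example.test)\tStatus: Up
Host: 10.0.0.1 (gw.example.test)\tPorts: 22/open/tcp//ssh///\tIgnored State: closed (999)
Host: 10.0.0.9 ()\tStatus: Up
Host: 10.0.0.14 ()\tStatus: Up
Host: 10.0.0.14 ()\tPorts: 80/open/tcp//http///\tIgnored State: closed (999)
"""

if __name__ == "__main__":
    result = reconcile(parse_grepable(LINUX_SCAN), parse_grepable(NT_SCAN))
    print(f"agreement: {result['agreement']:.0%}")
    print("only in scan A:", result["only_a"])
    print("only in scan B:", result["only_b"])
    print("port gaps:", result["port_gaps"])
    print(target_list(result), end="")
```

Hosts that appear in only one scan are the ones to re-check by hand before the host list goes to the heavier scanners, and the union rather than either single list is what gets fed forward, so a host dropped by one tool is not silently lost from the engagement. Keeping the parsed per-scan results alongside the raw output also answers the "turn over the raw data" question: the client gets both the raw scans and the reconciled view.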