Penetration Testing mailing list archives
Re: Security Audit
From: "bacano" <bacano () esoterica pt>
Date: Thu, 6 Sep 2001 20:01:18 +0100
> Btw, some have been mentioning "a hacker could spend weeks". Well, that's true - if the target is interesting enough. Most "hackers" (scrippies) are just out for the fast kick/break-in to install their ircbot or a ddos-drone - remove that noise first :>
Since it was I who said that, just a little addition to say that I was referring to a hacker, not a kidiot. It's the difference between having sex or hacking playboy.com for free movies.
> Other point in here is: The pen-tester has *one* advantage, he can ask the customer for an account on a machine, e.g. on a webserver - just *assume* a CGI is vulnerable (most are anyway :P) and then from the "start" being the UID which runs the webserver try to elevate your privileges.
Again ... the same problem :>
[ ]'s
bacano