Penetration Testing mailing list archives
RE: Exploit Archive
From: "Strand, John" <John.Strand () mms gov>
Date: Wed, 18 Aug 2004 07:12:14 -0600
Hi Jared,

I don't know if proving every weakness is a good idea in a production environment. I recommend verifying the vulnerabilities via tools like netcat, or actually pulling the versions of your OSs and applications to see if they are vulnerable. Or, if you are lucky, you can run the exploits against your test environment. This works nicely because it demonstrates the effectiveness of the various vulnerabilities without adversely impacting your production servers. Trust me, it is absolutely no fun crashing a server as part of a pen-test or vuln assessment... even if you have it in writing that you are not responsible for a system or app crash.

Just to be clear, I do not under any circumstances recommend running exploit code from the sites below against your production servers. Rather, run them in a test environment or in a VMware environment.

Check these sites out:

http://packetstormsecurity.org/
http://www.k-otik.com/exploits/
http://www.thc.org/root/
http://exploitlabs.com/index1.html

John

-----Original Message-----
From: DeMott Jared [mailto:demott_jared () bah com]
Sent: Tuesday, August 17, 2004 7:44 AM
To: pen-test () securityfocus com
Subject: Exploit Archive

Gang:

I was wondering if anyone has a nice archive of Windows, Unix, etc. exploits (fully functional) they'd be willing to share. I'm about to do the first pen-test of our network. I know that I can identify "potential" flaws using Nessus, but my boss has asked that I prove to him each and every "potential" weakness. I've been told that you can find many exploits out on the web, but it's been such a hassle trying to find all of what I'm looking for!

Also, I've been reading the discussion about methodology some people have been having:

1.) Vulnerability Assessment
2.) Penetration Test
-Gather data
-Pretend not to know data
-Assess potential weakness
-Try to hack into the network
-Determine what current patch levels are
-Report successes or failures (does someone have this data?)
-Recommend all necessary corrections

Does anyone have a more complete methodology paper? I've been hearing some of the pros and cons of the above two. Do you normally do both, or just whatever people want? I assume the first is more difficult and time consuming; is that true?

The approach is certainly important, but even more intimidating: I feel like I need to know everything about varying brands of firewalls, routers, switches/hubs, VLANs, VPNs, web applications, Windows, Unix, Netware, etc., etc., etc.! I'm pretty experienced in Unix and firewalls, but does anyone have any advice on dealing with the sheer magnitude of data necessary?

Also, from the more practical tools standpoint, do you guys just have everything loaded on one "attack" laptop? Dual boot, or VMware?

Thanks so much!

Jared DeMott
Vulnerability Analyst
Booz | Allen | Hamilton
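John's suggested alternative to firing exploits at production, namely grabbing the service banner and comparing the announced version with the version the vendor fixed, is easy to automate once the banners are collected. The script below is an added example, not code from this thread or from any of the sites John lists; the hosts, banners and "fixed in" versions are constructed placeholders (in practice the thresholds come from the vendor advisory the scanner finding cites). It also handles the cases John's method cannot settle on its own: a banner with the version hidden, or a service the patterns do not recognise, both of which are flagged for manual confirmation rather than guessed.

```python
"""Confirm scanner findings from service banners and version numbers
instead of running exploits (added example; not from the thread)."""
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, ...]

# Status values returned by assess().
CONFIRMED = "confirmed"            # banner version is below the fixed-in version
NOT_VULNERABLE = "not-vulnerable"  # banner version is at or above it
MANUAL = "manual"                  # banner says too little to decide; verify by hand

# Constructed sample banners for hypothetical hosts, in the shape a manual
# "nc host port" connection returns them. These are not real systems.
SAMPLE_BANNERS: Dict[str, str] = {
    "10.0.0.5:22": "SSH-2.0-OpenSSH_3.7.1p2",
    "10.0.0.5:80": "HTTP/1.1 200 OK\r\nServer: Apache/1.3.29 (Unix)\r\n\r\n",
    "10.0.0.7:21": "220 ProFTPD 1.2.10 Server ready.",
    "10.0.0.9:25": "220 mail.example.test ESMTP Sendmail 8.12.11/8.12.11",
    "10.0.0.11:80": "HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n",
    "10.0.0.13:23": "\xff\xfd\x18login: ",
}

# Hypothetical "fixed in" versions (placeholders): copy these from the vendor
# advisory behind each scanner finding before relying on the result.
FIXED_IN: Dict[str, Version] = {
    "OpenSSH": (3, 7, 1),
    "Apache": (1, 3, 31),
    "ProFTPD": (1, 2, 9),
    "Sendmail": (8, 13, 0),
}

# One pattern per product. The version group is optional because some
# servers are configured to announce the product but hide the version.
PATTERNS = {
    "OpenSSH": re.compile(r"OpenSSH(?:[_ ](\d+(?:\.\d+)*))?"),
    "Apache": re.compile(r"Apache(?:/(\d+(?:\.\d+)*))?"),
    "ProFTPD": re.compile(r"ProFTPD(?: (\d+(?:\.\d+)*))?"),
    "Sendmail": re.compile(r"Sendmail(?: (\d+(?:\.\d+)*))?"),
}


def parse_version(text: str) -> Version:
    """'1.3.29' -> (1, 3, 29). Tuples compare component-wise, so a shorter
    prefix such as (1, 3) sorts below (1, 3, 29). Trailing letters like the
    'p2' in OpenSSH_3.7.1p2 are already excluded by the regex."""
    return tuple(int(part) for part in text.split("."))


def identify(banner: str) -> Tuple[Optional[str], Optional[Version]]:
    """Return (product, version); either is None when the banner lacks it."""
    for product, pattern in PATTERNS.items():
        match = pattern.search(banner)
        if match:
            version = parse_version(match.group(1)) if match.group(1) else None
            return product, version
    return None, None


def assess(banner: str, fixed_in: Dict[str, Version] = FIXED_IN):
    """Decide whether a scanner finding is supported by the banner alone.
    Returns (product, version, status)."""
    product, version = identify(banner)
    if product is None or version is None or product not in fixed_in:
        return product, version, MANUAL
    if version < fixed_in[product]:
        return product, version, CONFIRMED
    return product, version, NOT_VULNERABLE


def assess_all(banners: Dict[str, str], fixed_in: Dict[str, Version] = FIXED_IN):
    """Assess every collected banner, keyed by host:port."""
    return {host: assess(banner, fixed_in) for host, banner in banners.items()}


if __name__ == "__main__":
    for host, (product, version, status) in assess_all(SAMPLE_BANNERS).items():
        shown = ".".join(map(str, version)) if version else "?"
        print(f"{host:16} {product or '?':10} {shown:10} {status}")
```

Everything reported as "manual" still needs a person to look: a hidden version, or a backported fix where the distribution keeps the old version string, both make the banner alone an unreliable witness, which is why the version check complements rather than replaces the test-lab run John describes.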