Penetration Testing mailing list archives
Re: Exploit Archive
From: "DokFLeed.Net" <dokfleed () dokfleed net>
Date: Sat, 14 Aug 2004 08:45:41 +0400
Well, you solved your own problem: "I've been told that you can find many exploits out on the web, but it's been such a hassle trying to find all of what I'm looking for!"

The problem is: what are you looking for? Running an automated tool will not be your salvation. Most of them, even the very expensive ones, seem to ignore some serious holes, and I mean most of them, without naming any. Let's say I got a client who paid 45K $ on tools and they couldn't pick up what's happening, even when he chose all the audits available on each of them. Your worries should go away by your own methodology; you are even in a better situation since you aren't starting a Zero-Knowledge testing.

* Run a discovery tool, Nmap is enough and great.
* Whatever results of open ports you get, verify it, a simple telnet to this port at least.
* Verify the OS fingerprinting you get, then optimize your test.
* Test only what's open, don't be a dreamer and try to audit a closed port. I have seen it happening, and I bet each tester on his first project did it; it's the enthusiasm rather than experience.
* Enumerate the services you get, try to get the version, behavior, how it works, read about the product, its knowledgebase, support, FAQs (after some projects, you will find out that you learnt about most of the products).
* Search for exploits if you can't code your own, google it, securityfocus of course, plus hundreds of other sites.
* If you can't find any then you will have to try your own 0day xploit :)
* Make a plan, don't just start chasing IPs, write down the IPs, the stage you are at, results, document everything.

Hopefully you find it all fine, but the problem then isn't technical, it's bizness: a secured customer isn't a happy customer, nobody likes to hear that they paid money and they are ok. For them as managers it's a waste of money, remember this.

btw, old xploit archives aren't that valuable, you will find it easily online and mostly the old systems will be patched.
Try this link, am trying to post all the links and tools there, it isn't complete yet: http://www.isnsc.com/links.html

Hope it helped,
DokFLeed

Would you rather hack and go to jail, or hack and get paid!
=========================

----- Original Message -----
From: "DeMott Jared" <demott_jared () bah com>
To: <pen-test () securityfocus com>
Sent: Tuesday, August 17, 2004 5:43 PM
Subject: Exploit Archive
Gang:

I was wondering if anyone has a nice archive of Windows, Unix, etc. exploits (fully functional) they'd be willing to share. I'm about to do the first pen-test of our network. I know that I can identify "potential" flaws using Nessus, but my boss has asked that I prove to him each and every "potential" weakness. I've been told that you can find many exploits out on the web, but it's been such a hassle trying to find all of what I'm looking for!

Also, I've been reading the discussion about methodology some people have been having:

1.) Vulnerability Assessment
2.) Penetration Test
 - Gather data
 - Pretend not to know data
 - Assess potential weakness
 - Try to hack into the network
 - Determine what current patch levels are
 - Report successes or failures (does someone have this data?)
 - Recommend all necessary corrections

Does anyone have a more complete methodology paper? I've been hearing some of the pros and cons of the above two. Do you normally do both, or just whatever people want? I assume the first is more difficult and time consuming; is that true?

The approach is certainly important, but even more intimidating: I feel like I need to know everything about varying brands of firewalls, routers, switches/hubs, VLANs, VPNs, Web Applications, Windows, Unix, Netware, etc., etc., etc.! I'm pretty experienced in Unix and Firewalls, but does anyone have any advice on dealing with the sheer magnitude of data necessary?

Also, from the more practical tools standpoint, do you guys just have everything loaded on one "attack" laptop? Dual boot, or VMware?

Thanks so much!

Jared DeMott
Vulnerability Analyst
Booz | Allen | Hamilton
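The steps DokFLeed lists (run Nmap, verify each open port by hand, treat the OS fingerprint as a guess until checked, enumerate versions, and write down IPs, stages and results) are easy to lose track of once there are more than a few hosts. The following is an added example, not code from either poster and not part of Nmap: a small Python parser for Nmap's grepable (-oG) output that keeps only open ports, since closed ones never go on the plan, and turns the scan into an engagement log with a per-port stage and notes. The -oG sample it reads is constructed for this example (documentation-range addresses, made-up banners); the record layout and stage names are assumptions of the example, not anything Nmap defines.

```python
import re
from dataclasses import dataclass, field

# Constructed sample of Nmap grepable (-oG) output: two made-up hosts in the
# 192.0.2.0/24 documentation range. Not a real scan; only the field layout
# (port/state/proto/owner/service/rpcinfo/version/) follows the real format.
SAMPLE_GREPABLE = (
    "# Nmap scan initiated (constructed sample) as: nmap -sV -O -oG - 192.0.2.8/29\n"
    "Host: 192.0.2.10 (web.example.test)\tStatus: Up\n"
    "Host: 192.0.2.10 (web.example.test)\tPorts: 22/open/tcp//ssh//OpenSSH 3.9p1/, "
    "80/open/tcp//http//Apache httpd 2.0.52/, 443/closed/tcp//https///, "
    "3306/filtered/tcp//mysql///\tIgnored State: closed (996)\tOS: Linux 2.4.X\n"
    "Host: 192.0.2.11 ()\tStatus: Up\n"
    "Host: 192.0.2.11 ()\tPorts: 139/open/tcp//netbios-ssn///, "
    "445/open/tcp//microsoft-ds///\tIgnored State: closed (998)\tOS: Microsoft Windows 2000\n"
    "# Nmap done (constructed sample) -- 2 IP addresses (2 hosts up) scanned\n"
)

# Stage names are this example's own convention, mirroring the advice above.
STAGES = ("discovered", "verified", "enumerated", "tested")


@dataclass
class PortRecord:
    port: int
    proto: str
    service: str
    version: str
    stage: str = "discovered"
    notes: list = field(default_factory=list)


@dataclass
class HostRecord:
    ip: str
    hostname: str
    os_guess: str = ""          # Nmap's fingerprint; a guess until checked
    os_verified: bool = False
    ports: dict = field(default_factory=dict)   # (port, proto) -> PortRecord


HOST_RE = re.compile(r"Host:\s+(\S+)\s+\(([^)]*)\)")


def parse_grepable(text):
    """Build one HostRecord per IP from -oG text, keeping only open ports."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue                      # comment lines and the trailer
        fields = line.split("\t")         # -oG separates sections with tabs
        m = HOST_RE.match(fields[0])
        if not m:
            continue
        ip, hostname = m.group(1), m.group(2)
        host = hosts.setdefault(ip, HostRecord(ip=ip, hostname=hostname))
        for f in fields[1:]:
            key, _, value = f.partition(":")
            key, value = key.strip(), value.strip()
            if key == "OS":
                host.os_guess = value
            elif key == "Ports":
                for entry in value.split(","):
                    # Nmap writes '|' instead of '/' inside the version field,
                    # so splitting on '/' is safe here.
                    parts = entry.strip().split("/")
                    if len(parts) < 7:
                        continue          # malformed entry: skip, don't guess
                    port, state, proto, _owner, service, _rpc, version = parts[:7]
                    if state != "open":
                        continue          # test only what's open
                    host.ports[(int(port), proto)] = PortRecord(
                        int(port), proto, service, version)
    return hosts


def record_step(hosts, ip, port, proto, stage, note):
    """Advance one open port to a later stage and log what was done and seen."""
    rec = hosts[ip].ports[(port, proto)]
    if STAGES.index(stage) < STAGES.index(rec.stage):
        raise ValueError(f"{ip}:{port}/{proto} is already at {rec.stage}")
    rec.stage = stage
    rec.notes.append(f"[{stage}] {note}")
    return rec


def render_plan(hosts):
    """Plain-text engagement log: hosts in address order, one line per open port."""
    lines = []
    for ip in sorted(hosts, key=lambda a: tuple(int(o) for o in a.split("."))):
        h = hosts[ip]
        os_flag = "verified" if h.os_verified else "unverified"
        lines.append(f"{ip} ({h.hostname or '-'})  OS guess: {h.os_guess or '?'} [{os_flag}]")
        for (port, proto), p in sorted(h.ports.items()):
            ver = p.version or "version unknown"
            lines.append(f"  {port}/{proto:<3} {p.service:<14} {ver:<22} stage={p.stage}")
            lines.extend(f"      {n}" for n in p.notes)
    return "\n".join(lines)


if __name__ == "__main__":
    plan = parse_grepable(SAMPLE_GREPABLE)
    record_step(plan, "192.0.2.10", 22, "tcp", "verified",
                "manual connect showed the expected SSH banner")
    record_step(plan, "192.0.2.10", 80, "tcp", "enumerated",
                "vendor docs and FAQ read; version matches the banner")
    print(render_plan(plan))
```

Feeding it a real scan is `nmap -sV -O -oG scan.gnmap <targets>` followed by `parse_grepable(open("scan.gnmap").read())`. The stage check is deliberately one-way: a port can only move forward, so a tester cannot quietly drop a host back to "discovered" and lose the notes that justify a finding in the report.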
Current thread:
- Exploit Archive DeMott Jared (Aug 17)
- Re: Exploit Archive DokFLeed.Net (Aug 18)
- Re: Exploit Archive R. DuFresne (Aug 18)
- Re: Exploit Archive chewy (Aug 19)
- Re: Exploit Archive Francisco Sáa Muñoz aka n3z (Aug 20)
- Re: Exploit Archive R. DuFresne (Aug 18)
- Re: Exploit Archive DokFLeed.Net (Aug 18)
- Re: Exploit Archive Kevin Sheldrake (Aug 18)
- Re: Exploit Archive Ereshkigal (Aug 19)
- Re: Exploit Archive Jacob Uecker (Aug 18)
- Re: Exploit Archive A.R. (Aug 19)
- Re: Exploit Archive Ramsey Consulting Services (Aug 19)
- Re: Exploit Archive Senser (Aug 20)
- Re: Exploit Archive Robert Rich (Aug 20)