Re: delving deeper

[GuidoZ <uberguidoz () gmail com>]

> Well UberGuidoZ, you better go download the new version. =)

(O_o) New version? Mmmm, two of my favorite words. (Oh, that's Mr.
UberGuidoZ to you "DJ". =P )

>  WHoppix 2.5 (based on knoppix 3.7)

Doh! I have (and was using) v2.5 - maybe I read wrong. (I thought it
said it was based on v3.6). Maybe it was v2.4. No matter - the I-Stick
works on Whoppix, just not Knoppix. And whatever version I had was
based on Knoppix v3.6, so it confused the hell outta me.

I had downloaded and burned Knoppix v3.7, though the MD5s didn't match
after the burn and it started giving me kernel errors on boot, so I
just dismissed it as a toasted CD. Will try it again. (Emailing from
v3.6 right now.)

Whoppix shows promise to be a very full-featured pen-testing kit.
Assuming it's kept up to date, it would be another CD I carry with me
on the job, and advise others to do. Something else I appreciated -
Java/Flash support right out of the box. Trivial to fix I know, but
it's nice to not have to do it. ;)

--
Peace. ~G


On Mon, 20 Dec 2004 13:46:04 -0600, Todd Towles
<toddtowles () brookshires com> wrote:
> Well UberGuidoZ, you better go download the new version. =)
>
>  WHoppix 2.5 (based on knoppix 3.7)
>
> > -----Original Message-----
> > From: GuidoZ [mailto:uberguidoz () gmail com]
> > Sent: Monday, December 20, 2004 2:22 AM
> > To: David Taylor
> > Cc: xyberpix; Chris Benedict; pen-test () securityfocus com
> > Subject: Re: delving deeper
> >
> > > My favourite is whoppix, another knoppix variant that has a
> > large body
> > > of exploits included.
> >
> > I'm actually emailing from Whoppix right now. Been playing
> > with it most of the night. Very well built and could be a
> > pen-testers dream.
> > It's not setup like many of the other Knoppix distros (though
> > it reminds me of Knoppix-STD), as it doesn't have all the
> > bells and whistles. It's chocked FULL of pen-testing
> > applications and exploits however. Impressvie indeed.
> >
> > I also noticed something odd... Whoppix seems to support my
> > 1GB PQI I-Stick (USB Flash drive) while Knoppix (v3.4 and
> > v3.6) or Knoppix-STD
> > (0.1) don't. Whoppix is based on Knoppix v3.6, so go figure.
> > I'm just happy to have a 1GB home drive I can carry around. =)
> >
> > --
> > Peace. ~G
> >
> >
> > On Wed, 15 Dec 2004 11:16:54 +1100, David Taylor
> > <David.Taylor () austrac gov au> wrote:
> > > My favourite is whoppix, another knoppix variant that has a
> > large body
> > > of exploits included.
> > >
> > > www.whoppix.net  And the site even has some nice demos to get you
> > > going
> > > :)
> > >
> > > Regards
> > > David Taylor
> > >
> > > -----Original Message-----
> > > From: xyberpix [mailto:xyberpix () xyberpix com]
> > > Sent: Wednesday, 15 December 2004 4:00 AM
> > > To: Chris Benedict
> > > Cc: pen-test () securityfocus com
> > > Subject: Re: delving deeper
> > >
> > > Hi Chris,
> > >
> > > Go and download a copy of PHLAK(http://www.phlak.org),
> > there's a load
> > > of good docs on the disc, and some really good tools to get
> > you going.
> > > Above
> > > it all it's Linux, so it should run on your machines.
> > > Aside from that scour the net for anything pertaining to
> > pen testing
> > > and security, and read as much as you can possibly
> > tollerate, it'll be
> > > worth it in the end.
> > >
> > > xyberpix
> > >
> > > On Mon, 13 December, 2004 10:34 pm, Chris Benedict said:
> > > > Hi, I've been looking at security and penetration-testing
> > for some
> > > > time now and would like to get further into it.  I'd like
> > to learn
> > > > more about penetration-testing, forensics, techniques for network
> > > > exploration/mapping, web application security and
> > incedent handling.
> > > > However I'm not really sure where to start, I looked at
> > the OSSTMM
> > > > and it was above my head.
> > > >
> > > > At the moment I have a very limited budget and only a few spare
> > > > low-end computers.  If it matters, I'm mainly running
> > OpenBSD.  Are
> > > > there any particular books or other media that I should
> > take a look
> > > at?
> > > > Any thoughts or recommendations are welcomed and greatly
> > appreciated.
> > > > -Chris Benedict
> > >
> > > --
> > > For security and Opensource news check out:
> > > http://www.xyberpix.com
> > **********************************************************************
> > > Please  note  that  your  email address  is known to
> > AUSTRAC  for the
> > > purposes  of  communicating with you.  The information
> > transmitted in
> > > this  e-mail is  for the  use of  the intended  recipient
> > only and may
> > > contain confidential and/or legally  privileged  material.
> > If you have
> > > received  this information  in error you must not
> > disseminate, copy or
> > > take  any  action on  it and we  request that you delete
> > all copies of
> > > this transmission together with attachments and notify the sender.
> > >
> > > This footnote also confirms that this email message has
> > been swept for
> > > the presence of computer viruses.
> > **********************************************************************
> > >