Penetration Testing mailing list archives
RE: Pen-test Freesshd 1.10
From: "Clemens, Dan" <Dan.Clemens () healthsouth com>
Date: Fri, 22 Dec 2006 08:45:07 -0600
Steven, Don't get too discouraged. As far as using the metasploit module for this, have you tried different payloads? Have you validated the operating system you are attacking? As for other avenues - What other services are running on the box? Have you tried enumerating users on the machine? Have you tried brute forcing logins with hydra? Have you checked to see what udp services are running? Did you look at all the ports on the box or did you run nmap <target> with the default port options? Are you getting any errors on ./slashing with metasploit? Have you tried sniffing the connection for your exploit to see if anything comes back? Do you firewall rules setup on your attacking machine? Just thought I'd throw out questions for you. We all get stuck from time to time and sometimes an outside party asking questions can re-jog your memory or help you troubleshoot. -Daniel Clemens -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Saehrig, Steven Sent: Thursday, December 21, 2006 1:57 PM To: pen-test () securityfocus com Subject: Pen-test Freesshd 1.10 Hello all, This is the first time sending to the list I would like to know some way to pen-test a sftp server I have setup on our network. I have tried nmap for open ports and I have tried metasploit for buffer overflows that I found on Google. Are there any programs or tricks I should know to try and break into this. I am basically proving the security of the application for production use. Thank you for any advise you can give me. Steven ------------------------------------------------------------------------ ------------------------------------------------------------------------ -- This e-mail and any attachments transmitted with it are proprietary, confidential and legally protected from disclosure.If you are not the intended recipient, or agent of the intended recipient, you are hereby notified that any reading, disclosure, distribution, or use of this message or its attachments is strictly prohibited. If you received this message in error, please notify the sender immediately and delete or destroy all copies of the message and any attachments thereto. ----------------------------------------- Confidentiality Notice: This e-mail communication and any attachments may contain confidential and privileged information for the use of the designated recipients named above. If you are not the intended recipient, you are hereby notified that you have received this communication in error and that any review, disclosure, dissemination, distribution or copying of it or its contents is prohibited. If you have received this communication in error, please notify me immediately by replying to this message and deleting it from your computer. Thank you.
Current thread:
- Pen-test Freesshd 1.10 Saehrig, Steven (Dec 21)
- RE: Pen-test Freesshd 1.10 Clemens, Dan (Dec 22)
- Re: Pen-test Freesshd 1.10 Jamie Riden (Dec 22)