Penetration Testing mailing list archives
Re: I want the PT list back....
From: Petr.Kazil () eap nl
Date: Thu, 13 Dec 2007 17:18:33 +0100
For me web app, to back end server, to the LAN is so rare it might as well be non-existent. Web app to DB - yeah...but not to internal LAN for me very much.
Yes, same here too. Nowadays WebApp, DB and LAN are always separated by firewalls.
Internal networks are still a mess, riddled with old vulnerabilities - even when the customer has patch management solutions. I can't be as noisy trying to find them like the good old days - but they are still there - the bigger the company the more legacy crap they have.
Yes, same here too. What always surprises me is that comapnies can afford to be several months - to 2 years (!) behind with Windows updates ... and nothing evil happens! Somehow the infrastructures I know seem to be resistant to trojans, malware and other stuff I read about all the time. Is it just that most organizations have up-to-date virus checkers on mailscanners, websweepers and PC's? Is that enough in most cases? It looks like that ... but it's against all best practices.
Anybody else in this boat? If so what's in your toolkit?
I made a quick dump of my Windows USB stick with tools. But - it's not complete and I know a few tools have newer versions. I will have to make a new updated version for myself soon (I have too many different USB sticks now). But I hope you are amused, it's nothing special really: 01_Netwerk_Scanners\scanline\sl.exe 01_Netwerk_Scanners\superscan4\SuperScan4.exe 02_Vulnerability_Scanners\framework-2.5.exe 02_Vulnerability_Scanners\framework-3[1].0-beta-2-svn.exe 02_Vulnerability_Scanners\languardnss8.exe 03_Windows_Enumeration\winfingerprint-0.6.2\setup.exe 04_WindowsShares\legion\SETUP.EXE 04_WindowsShares\ShareEnum\Release\RetinaDemo589.exe 04_WindowsShares\ShareEnum\Release\ShareEnum.exe 05_Windows_Updates\Retina\RetinaMSDTC.exe 05_Windows_Updates\Retina\RetinaNetApi.exe 07_Dumpsec\DUMPEVT.exe 07_Dumpsec\DUMPSEC.exe 10_Sniffers\Tcpview.exe 10_Sniffers\ngSniff-1.0\ngSniff.exe 10_Sniffers\Wireshark\wireshark-setup-0.99.3.exe 11_ArpSpoofing\Cain and Abel\ca_setup.exe 12_Printers\Hijetter_exe\Hijetter.exe 13_Passwords\lc4setup.exe 13_Passwords\hydrawin\hydra-5.3-win\hydra.exe 13_Passwords\hydrawin\hydra-5.3-win\pw-inspector.exe 13_Passwords\L0phtCrack LC5 v5.04\lc5setup.exe 14_Netcat\nc111nt\nc.exe 15_Clients\vnc-4_1_1-x86_win32.exe 15_Clients\Putty\putty.exe 15_Clients\WS_FTP\ws_ftp32.exe 16_Spidering\httrack-3.40-2.exe 16_Spidering\wgetwin\wget.exe 18_WiFi\netstumblerinstaller_0_4_0.exe 19_MacAdresAanpassen\MacMakeUp.exe 20_Editors\OpenOffice\OOo_2.1.0_Win32Intel_install_en-US.exe 20_Editors\vi\gvim63.exe 22_Zippers\IZArc35.exe 23_Pictures\iview398.exe 30_BIOS\CTBIOS.EXE 30_BIOS\CTCM7.EXE 30_BIOS\MBM5370.EXE 31_PC_Settings_Belarc\advisor.exe 32_Loganalyse\eventcombMT.exe 40_Analyzecsvde\analyzecsvde_publish_oud\analyzecsvde_1_0_0_17\analyzecsvde.exe 90_Sysinternals Toolset\PsService\psservice.exe 91_Tools_Reskit\adlb.exe [and more] 92_Unix_Utils\grep.exe [and more] 94_Support Tools\acldiag.exe [and more] 99_AD_Tools\dnslint.exe 99_AD_Tools\repadmin.exe 99_AD_Tools\2003\replmon.exe 99_AD_Tools\Resource Kit\sonar.exe 99_NogOnbekend\fgdump-1.5.0 99_NogOnbekend\pwdump6-1.5.0 ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- I want the PT list back.... Joseph McCray (Dec 12)
- Re: I want the PT list back.... Pete Herzog (Dec 13)
- Re: I want the PT list back.... Peter Wood (Dec 13)
- Re: I want the PT list back.... Didi (Dec 17)
- RE: I want the PT list back.... Shenk, Jerry A (Dec 13)
- RE: I want the PT list back.... Ken . Carty (Dec 13)
- Re: I want the PT list back.... Petr . Kazil (Dec 13)
- RE: I want the PT list back.... Erin Carroll (Dec 13)
- Re: I want the PT list back.... Andre Gironda (Dec 17)
- <Possible follow-ups>
- Re: I want the PT list back.... krymson (Dec 13)
- RE: I want the PT list back.... Bob Radvanovsky (Dec 14)