Security Basics mailing list archives

RE: Simulating Attacks

From: "Harshul Nayak" <harshul.nayak () patni com>
Date: Fri, 5 Mar 2004 14:20:15 +0530

Hi bhargav,

there are various scenarios you can build.

Have three diff environment
a.Red hat linux
b. windows wnt
c. sun solaris

Have a linux box running red hat 6.2 running ftp daemon..
attack simulation - Buffer overflow ; remote root compromise

on windows machine ; winnt 4.0 running iis 4
simulation attack - Directory traversal ; Remote shell compromise

on sun solaris 7.0 or 8.0 ;
running telnet daemon
simulation attack - remote compromise of the telnet server.

The permitation and combinations of various attacks are many. you will have
to built it up accordning to your audience and skills.

exploits for the above mentioned attacks are available in the wild.

wish u luc.
-regs
Harshul

-----Original Message-----
From: Bhargav Bhikkaji [mailto:bbhikkaji () yahoo co in]
Sent: Thursday, March 04, 2004 9:08 PM
To: security-basics () securityfocus com
Subject: Simulating Attacks




Hello Folks,

I am in need of simulating few attacks as demo to a group of 50. Need your
help/suggestion for choosing the following

1) What attacks should i choose ?
2) How to simulate these attacks?

I am thinking of few attacks like Buffer Overflow, TCP Hijacking but  don't
know how much effort is needed to simulate these. I am not interested in TCP
or ICMP DOS Attacks.

-Bhargav

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the
skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

Current thread:

Simulating Attacks Bhargav Bhikkaji (Mar 04)
- Re: Simulating Attacks Gene Cronk (Mar 04)
- RE: Simulating Attacks Des Ward (Mar 04)
- RE: Simulating Attacks Harshul Nayak (Mar 08)