Re: Newbie Hacker Tools

[Vijay Vikram <karpagamekapali () gmail com>]

Hi All,

There is a bizzare amount of tools available and white/black hats
available to do the job. However for the present situation ,as Edmond
puts, Nessus is the choice of the hackers and Security Admins.

Ethereal and Snort, ACID are other "types" of tools to audit the holes
in the system and the possible fixes for them.

A good security auditor does not stick to one tool to complete his job
and would have

1. Ethereal
2. Nessus / SATAN / SAINT
3. SNORT / ACID
4. Tools from ISS- SAFE suite
5. Lopht from @stake
6. Netcat - the swiss army knife
7. Strobe / Blaster Scan 
8. Rootkits and Anti Rootkits
9. Sniffers / TCP wrappers 
10. Tripwire toolkits
11. Zombie Zappers to avoid DDoS and etc....... [the list is endless
depending on the functionality and the areas used]








On Thu,  6 Jan 2005 12:18:51 -0500, bernie () e-mich com <bernie () e-mich com> wrote:
> Ed,
>
> Nessus is a very powerfull tool for finding exploits in servers and networks.
> If you have any specific questions feel free to ask me.  I have used Nessus for
> an few years now and find it to be my tool of choice and it is also the tool of
> choice for many crackers and script kiddies looking to break into to things or
> to exploit networks.
>
> There are some very good articles out there on how to use Nessus, I would first
> go to www.securityfocus.com and search for Nessus there.  This will give you a
> starting to with which to being using Nessus.
>
> Once you have a basic understanding of it then give me a shout if you need some
> help on implementing it and using it.
>
> B. Johnson
>
>
> Quoting Edmond Chow <echow () videotron ca>:
>
> > Hello all,
> >
> > My name is Ed and I run a technology consulting company.  I have begun
> > offering computer security audits to my clients and, as I am not experienced
> > in hacking, have been subcontracting this work out.
> >
> > The written reports that I have received back from the hackers leave much to
> > be desired!  Not knowing too much about intrusion detection but realizing
> > that when almost nothing is found wrong (from a security viewpoint) with a
> > client's network, I am in big trouble!  Either the hacker does not have the
> > experience to find any problems or there really are not any problems.
> >
> > On my first few audit assignments, I was barely able to break even as I had
> > to hire two independent hackers for each  i.e., a second hacker had to be
> > hired to give me an independent assessment of the network.  I then cut and
> > pasted the two reports into a final "acceptable" one.
> >
> > I am at a crossroads where I can either give up on the security audits or
> > learn to do them myself.  I have chosen the latter and was hoping to get
> > some help from experts like you.  I realize that I will have a steep hill to
> > climb but I feel confident that I can learn enough to be much more
> > proficient that the hackers that I am currently paying.
> >
> > I'm really confused about what tools I need in my "toolkit" for
> > Windows-related audits.  I've heard a lot about Nessus as a freeware program
> > but am confused when I go on the nessus.org site and see that it might not
> > be free.  Other programs I've heard of include nmap, SAINT, Newt.
> >
> > And, perhaps, there are tools out there (either free or not) that would
> > provide me with an "audit in a box?"  I'm guessing that the pros have a
> > select few tools of the trade that they use.  You've listed a bunch of tools
> > on your site as well.  I realize that ethical hacking is an art and that no
> > two hackers will use exactly the same tools but I am hoping to learn to use
> > the tools they most often use.
> >
> > Thanks for any help that you can shed on this subject.
> >
> > Regards,
> >
> >
> > Ed
>
>
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.