Security Basics mailing list archives

Pen-Testing New Server - Where to start?

From: Security <security () gridrunners com>
Date: Tue, 13 Nov 2007 14:56:57 -0600

Hi, I'm new to the InfoSec industry and would like to try my hand atpenetration-testing (and securing) a new server I've set up at home.

Seeing as I've set up the system, I know all the usernames/passwordsused on the box, as well as how everything is set up, but I'd like toapproach this as an outside user, pretending that I have none of thisinformation. I want to try to gather information, form an attack plan,and attempt to crack the system from scratch, so that I can later on goback and secure the system against those attacks.


Here's the information I can assume I'd know, from basic enumeration:

The server is running Ubuntu v6.06, with the following services:
ftp
http (apache)
smtp
pop3
irc (hybrid)
ssh

When setting up the system, I followed the following tutorial (almost toa T... though I did a few things different):


http://www.howtoforge.com/perfect_setup_ubuntu_6.06

Since the system is on my local network, I know there's only one IP I'vegot to worry about, and this is the only target machine.


Any ideas where I should start? What information might help?

Thanks.

~Xor

Current thread:

Pen-Testing New Server - Where to start? Security (Nov 13)
- Re: Pen-Testing New Server - Where to start? Serg B (Nov 14)
  - Re: Pen-Testing New Server - Where to start? Security (Nov 14)
    - Re: Pen-Testing New Server - Where to start? Serg B (Nov 14)
- Re: Pen-Testing New Server - Where to start? crazy frog crazy frog (Nov 14)
- <Possible follow-ups>
- Re: Pen-Testing New Server - Where to start? theosdguy (Nov 14)
- Re: Pen-Testing New Server - Where to start? none (Nov 14)
- Re: Pen-Testing New Server - Where to start? rohnskii (Nov 14)
- Re: Re: Pen-Testing New Server - Where to start? adrian-lazar (Nov 14)
- Re: Pen-Testing New Server - Where to start? krymson (Nov 16)