Security Basics mailing list archives
Re: Pen-Testing New Server - Where to start?
From: rohnskii () gmail com
Date: 14 Nov 2007 04:17:35 -0000
OK, so you've "found out" a little about the site you are "attacking". Now you have to find out some more. Try to find out the specific applications providing those services, their versions, and the state of their patching. One tool you can try to help ID versions is Nessus. As you find that info, go to the web and search for known vulnerabilities for the apps / versions and try to attack those vulnerabilities to see if they have been patched properly. Search the web for and try to default userid's and passwords for admin features on the hardware and software, see if they have been changed (this is one of the most common vulnerabilities). This should give you a start.
Current thread:
- Pen-Testing New Server - Where to start? Security (Nov 13)
- Re: Pen-Testing New Server - Where to start? Serg B (Nov 14)
- Re: Pen-Testing New Server - Where to start? Security (Nov 14)
- Re: Pen-Testing New Server - Where to start? Serg B (Nov 14)
- Re: Pen-Testing New Server - Where to start? Security (Nov 14)
- Re: Pen-Testing New Server - Where to start? crazy frog crazy frog (Nov 14)
- <Possible follow-ups>
- Re: Pen-Testing New Server - Where to start? theosdguy (Nov 14)
- Re: Pen-Testing New Server - Where to start? none (Nov 14)
- Re: Pen-Testing New Server - Where to start? rohnskii (Nov 14)
- Re: Re: Pen-Testing New Server - Where to start? adrian-lazar (Nov 14)
- Re: Pen-Testing New Server - Where to start? krymson (Nov 16)
- Re: Pen-Testing New Server - Where to start? Serg B (Nov 14)