Security Basics mailing list archives
Re: Pen-Testing New Server - Where to start?
From: krymson () gmail com
Date: 16 Nov 2007 16:07:08 -0000
Pen-testing a new system can be difficult, especially if there really are few holes in the system as configured. I've found it best, for early teaching/learning, to make sure you've built the system with known holes in it. Grab an unpatched Windows XP SP1 box, and attempt to leverage exploits against it (such as Metasploit).

Better yet, get a vulnerable system or application from somewhere else. These will have known issues in them, but you won't inherently know them because you didn't build the systems. This should get your feet wet enough to be able to more intelligently tackle something "newer," like Ubuntu 6.06+.

www.de-ice.net has several live CD builds with known vulnerabilities. You'll have to sign up to download them, but I think this is an excellent service.

DVL (www.damnvulnerablelinux.org) is also a purposefully vulnerable Linux distro with various holes in it.

Foundstone Hacme (http://www.foundstone.com/us/resources-free-tools.asp) series is a bit more geared towards applications, but can be useful.

<- snip ->

Hi, I'm new to the InfoSec industry and would like to try my hand at penetration-testing (and securing) a new server I've set up at home. Seeing as I've set up the system, I know all the usernames/passwords used on the box, as well as how everything is set up, but I'd like to approach this as an outside user, pretending that I have none of this information. I want to try to gather information, form an attack plan, and attempt to crack the system from scratch, so that I can later on go back and secure the system against those attacks.