Metasploit mailing list archives
Pen-Testing and Metasploit Question
From: professor0110 at gmail.com (Professor 0110)
Date: Tue, 21 Apr 2009 17:51:30 +1000
Thanks for the replies everyone! :)

@metafan

> Now about the tools, BackTrack is sufficient though if your company (or
> yourself) has enough money then go buy Core Impact. Then you'll have
> everything you need and you don't really need any skills.

How many exploits are included with Core Impact currently?

@The Doctor

> Greetings, salutations, and health.

Thank you. Same for you. :)

> There are also sometimes surprises in the networks that you
> may be tasked with testing - undocumented firewalls protecting a
> particular project's enclave, for example. Scan it all you want, it
> looks locked down tighter than a drum, but you might not know about the
> Server 2k machines behind it that have not been patched in years...

How would one expect to circumvent a firewall such as this without stumbling upon a previously undiscovered vulnerability?

> My apologies if this sounds disjointed, I'm writing it off and on all
> day at work. It's kind of busy right now.

Thank you for taking the time to answer my questions. :D

> Do you have any questions that I could answer?

You're obviously a professional penetration tester, so I was wondering what tools you use on the job. Also, do you use exploits off milw0rm and places such as that? Or do you use products such as Metasploit and Core Impact for the most part?

Also, an open question here to everyone: Is it really necessary to employ both Nmap and Nessus if Nmap can identify open ports, listening services, associated versions, and the operating system? I'm saying this because if I see an open port with a listening service, I can search whether that version of software listening on the open port is vulnerable to an exploit. If it is, I can attempt to exploit it.

Also, one thing: Would it be possible to perform a Pen Test with just Nmap, Metasploit and various Network Tools such as Ping, WHOIS, etc, etc?

Finally, what are the recommended tools that a Pen Tester should have in his/her toolkit?

Thanks,
Professor 0110