Penetration Testing mailing list archives
Re: [PEN-TEST] How to "break into" the Pen-Testing field
From: "Rossman, Hart M." <HART.M.ROSSMAN () SAIC COM>
Date: Mon, 11 Sep 2000 13:26:55 -0400
I've been using VMWare 2.0 for NT with both Redhat 6.2 and OpenBSD 2.6 for a couple of months now on a laptop with 128MB RAM. I have the network set up in the bridged config. I've found it incredibly useful for validating tool output and, obviously, for using the unixes' (unices'?) robustness without having to constantly reboot or schedule/order the testing steps too carefully. It can bog down your NT system though if you don't have enough memory.

One thing I have had some trouble with, though, is using sniffers (mostly snort and NAI Sniffer Pro). I've had some difficulty validating the accuracy of the data from the shim drivers. I haven't tried using the local network config or a dual/simul network config.

Hart Rossman

-----Original Message-----
From: Teicher, Mark [mailto:mark.teicher () NETWORKICE COM]
Sent: Sunday, September 10, 2000 11:39 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: How to "break into" the Pen-Testing field

Has anyone considered utilizing a Red Hat Linux 6.2 box running VMWare for Windows NT??? Instead of having a multi-boot disk or multiple disk packs. It appears that some of these tools are available for both platforms.

One is absolutely correct, it really depends on the type of penetration test one is engaged to conduct. But what really is Industry Best Practices? I know some high-end consulting services like to utilize a mixture of commercial and freely available network- and host-based scanners to give an overall analysis, then parse through the results to formulate a network and host map. What tool would be used first, and what would be the secondary tool to validate any false positives one may discover??? Is there any manual massaging of the data?? Would you turn over the raw data to the customer??

/mark

At 06:17 PM 9/10/00 -0400, Frasnelli, Dan wrote:
> What would be the typical tool suite one would use on a Pen Test??

I assume you meant the usual network-based penetration test by that. If you are asked to mess with a client's PBX/VMB, physical security, employees, etc., there are other techniques or hardware involved.

Most penetration tests are conducted in two phases: exploration and exploitation. I recommend you tailor a software 'tool suite' with those as guidelines. Depending on your style, organizing tools this way may or may not be efficient. Below are examples biased towards Unix; perhaps an NT person has suggestions for that platform.

Exploration and Analysis
- portscanners: nmap (www.insecure.org)
- sniffers: tcpdump (www.tcpdump.org), ngrep (sourceforge.net/projects/ngrep), dsniff (www.monkey.org/~dugsong/dsniff)
- vuln scanners: vlad (razor.bindview.com/tools/), whisker (sourceforge.net/projects/whisker)
- Samba, nbtscan, l0phtcrack & other tools for Windows networks
- the inevitable custom code and scripts

Exploitation
- hunt (www.gncz.cz/kra/index.html)
- misc tools (www.ussrback.com, www.packetfactory.net)
- whatever is current from packetstorm/ussrlabs/bugtraq/etc. for the targets. This category is dynamic and typically contains unreleased exploits, in-house code, etc. It's also the attack phase which causes most 'script kiddies' grief, as it requires a lot of creative tweaking to avoid detection.

A portable computer and disc with various tools compiled for your platform of choice is a good starting point for a network penetration kit.

-dan
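The question Mark raises above (running a commercial and a free scanner, parsing the results into a network and host map, then using the second tool to weed out false positives) is easy to show in code. The following is an added example for this thread, not code from any of the posters. It parses constructed nmap grepable (-oG) output and a constructed CSV from a hypothetical second scanner, merges them into a per-host port map, and flags every port that the two tools do not both report as open; those entries are the ones that need the "manual massaging" before anything is handed to the customer. The nmap sample lines follow the real -oG layout (tab-separated fields, `port/state/proto/owner/service/rpc/version/` port records) but are made up; the second scanner's `host,port,state` CSV format is an assumption.

```python
"""Merge two port scanners' results into a host map and flag disagreements.

Added example; not code from the thread's posters. The nmap -oG lines and
the second scanner's CSV below are constructed sample data, and the CSV
format is a hypothetical one for an unnamed second scanner.
"""
import re

# Constructed nmap -oG output (real layout, made-up hosts and ports).
NMAP_GREPABLE = """\
# Nmap 2.54BETA output (constructed sample)
Host: 10.0.0.5 (web.lab)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///\tIgnored State: closed (997)
Host: 10.0.0.6 (db.lab)\tPorts: 22/open/tcp//ssh///, 1433/filtered/tcp//ms-sql-s///\tIgnored State: closed (998)
Host: 10.0.0.7 ()\tStatus: Up
"""

# Constructed results from a hypothetical second scanner: host,port,state (TCP assumed).
SECOND_SCANNER_CSV = """\
10.0.0.5,22,open
10.0.0.5,80,open
10.0.0.6,22,open
10.0.0.6,1433,open
10.0.0.7,139,open
"""

# One -oG port record: port/state/proto/owner/service/ (rpc and version fields ignored).
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)/([^/]*)/([^/]*)/")


def parse_nmap_grepable(text):
    """Return {host: {(port, proto): (state, service)}} from nmap -oG lines."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue                      # comments and blank lines
        fields = line.split("\t")         # -oG separates Host/Ports/Status with tabs
        host = fields[0].split()[1]
        ports = hosts.setdefault(host, {})   # keep up-hosts that have no Ports: field
        for field in fields[1:]:
            if field.startswith("Ports:"):
                for port, state, proto, _owner, service in PORT_RE.findall(field):
                    ports[(int(port), proto)] = (state, service)
    return hosts


def parse_second_scanner(text):
    """Return {host: {(port, 'tcp'): state}} from the hypothetical CSV format."""
    hosts = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        host, port, state = (f.strip() for f in line.split(","))
        hosts.setdefault(host, {})[(int(port), "tcp")] = state
    return hosts


def build_host_map(nmap_hosts, second_hosts):
    """Union of both tools' findings with a per-port verdict.

    confirmed      both tools report the port open
    disagree       both saw the port but report different states
    only-in-nmap / only-in-second   one tool has no record of the port
    """
    host_map = {}
    for host in sorted(set(nmap_hosts) | set(second_hosts)):
        a, b = nmap_hosts.get(host, {}), second_hosts.get(host, {})
        entry = {}
        for key in sorted(set(a) | set(b)):
            state_a = a[key][0] if key in a else None
            state_b = b.get(key)
            if state_a == "open" and state_b == "open":
                verdict = "confirmed"
            elif state_a is None or state_b is None:
                verdict = "only-in-nmap" if state_b is None else "only-in-second"
            else:
                verdict = "disagree"
            entry[key] = {"nmap": state_a, "second": state_b, "verdict": verdict}
        host_map[host] = entry
    return host_map


def unconfirmed(host_map):
    """(host, port, proto, verdict) for every port not confirmed open by both tools."""
    return [(host, port, proto, e["verdict"])
            for host, ports in host_map.items()
            for (port, proto), e in ports.items()
            if e["verdict"] != "confirmed"]


if __name__ == "__main__":
    hm = build_host_map(parse_nmap_grepable(NMAP_GREPABLE),
                        parse_second_scanner(SECOND_SCANNER_CSV))
    for host, ports in hm.items():
        print(host)
        for (port, proto), e in ports.items():
            print(f"  {port}/{proto:<4} nmap={e['nmap']!s:<9} second={e['second']!s:<6} {e['verdict']}")
    print("needs manual verification:", unconfirmed(hm))
```

On the constructed data the map confirms 22 and 80 on 10.0.0.5 and 22 on 10.0.0.6, and leaves three entries for hand verification: 443 on 10.0.0.5 (only nmap saw it), 1433 on 10.0.0.6 (nmap says filtered, the second tool says open) and 139 on 10.0.0.7 (nmap saw the host up but no ports). Anything in that list is a candidate false positive or a scanner blind spot, and is what you would re-probe manually, or from a second VMware guest as Hart describes, before deciding whether the raw data goes to the customer.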
Current thread:
- Re: [PEN-TEST] Visio bites, (continued)
- Re: [PEN-TEST] Visio bites batz (Sep 14)
- [PEN-TEST] Network Mapping (was Re: [PEN-TEST] How to "break into" the Pen-Testing field) batz (Sep 12)
- Re: [PEN-TEST] Network Mapping (was Re: [PEN-TEST] How to "break into" the Pen-Testing field) Jose Nazario (Sep 12)
- Re: [PEN-TEST] Network Mapping (was Re: [PEN-TEST] How to "break into" the Pen-Testing field) Carric Dooley (Sep 13)
- [PEN-TEST] VMware Greg (Sep 11)