RE: Laboratory Setup Help (RS)

[Marcelo Gulin <gulinma () bytefinder ath cx>]

Hi!

  Or reverse your search. Search for exploits first and then download that 
apps that you know that are vulnerable. There's a lot of sites with 
local/remote exploits for various daemons.

regards
Marcelo Gulin


At 31/01/2002 05:44, Javier Fernandez-Sanguino wrote:

> You can find information on vulnerable packages from the distribution's
> main site. I don't know about others, but Debian, for example, dedicates
> security.debian.org for this. Since the advisories are there you can
> check out which Debian GNU/Linux packages are vulnerable.
>
> Of course, you can always use Bugtraq (www.securityfocus.com) for
> information on vulnerabilities and see the cross-relationships with
> GNU/Linux distributions (either the database or the advisories sent to
> the mailing list).
> Regards
>
> Javier Fernandez-Sanguino
>
> > -----Mensaje original-----
> > De: Arturo "Buanzo" Busleiman [mailto:buanzo () buanzo com ar]
> > Enviado el: miercoles, 30 de enero de 2002 18:09
> > Para: pen-test () securityfocus com
> > Asunto: Laboratory Setup Help (RS)
> >
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > =- To moderator -=
> > Moderator, my last post didn't go thru because you told me to
> > search the
> > archives. I did that, and found a couple of results, but I
> > kindly request
> > you to let this post pass, as my findings weren't exactly
> > what I needed.
> > *please* :)
> > =- EOM
> >
> > Hello world's pen-testers!
> >
> > I was employeed last month by a company who wants to setup a Pen-Test
> > laboratory that I will lead. The environment would be an homogeneous
> > GNU/Linux network.
> >
> > What I need is you to recommend versions of the following
> > packages/combinations: FTP, Apache/Cgi/MySQL, DNS, sendmail, etc
> >
> > that are remotely exploitable for gaining shell access (or
> > the possibility
> > to execute commands on the remote system), AND some local exploits to
> > acquire root privileges.
> >
> > Of course, if you can lead me to specific documentation regarding the
> > exploits of those packages versions, I will greatly
> > appreciate it and be
> > most thankful.
> >
> > Thank you very much to all of you!
> >
> > Arturo "Buanzo" Busleiman
> > - -=( RareGaZz-Team Member )=-
> > GNU/Linux USERS, MP Ediciones
> > GNU's es_AR Translation Team Leader
> > Moderador de Seguridad () alipso com
> > Turcin Soluciones Informaticas http://www.turcin.com.ar
> > http://www.buanzo.com.ar
> > PGP/GnuPG Public Key available at horowitz.surfnet.nl
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.0.4 (GNU/Linux)
> > Comment: For info see http://www.gnupg.org
> >
> > iD8DBQE8WCjI+kypiSoPpFoRAorxAJ47A3y5H7PMeNDRg154XwHqznvNdwCfcTcA
> > 4OvlZoAueBCUXWCCPTEwvTM=
> > =1Mku
> > -----END PGP SIGNATURE-----
> >
> >
> > --------------------------------------------------------------
> > --------------
> > This list is provided by the SecurityFocus Security
> > Intelligence Alert (SIA)
> > Service. For more information on SecurityFocus' SIA service which
> > automatically alerts you to the latest security
> > vulnerabilities please see:
> > https://alerts.securityfocus.com/
> >
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/