Penetration Testing mailing list archives
RE: Laboratory Setup Help (RS)
From: "Javier Fernandez-Sanguino" <jfernandez () germinus com>
Date: Thu, 31 Jan 2002 09:44:44 +0100
You can find information on vulnerable packages from the distribution's main site. I don't know about others, but Debian, for example, dedicates security.debian.org for this. Since the advisories are there you can check out which Debian GNU/Linux packages are vulnerable. Of course, you can always use Bugtraq (www.securityfocus.com) for information on vulnerabilities and see the cross-relationships with GNU/Linux distributions (either the database or the advisories sent to the mailing list). Regards Javier Fernandez-Sanguino
-----Mensaje original----- De: Arturo "Buanzo" Busleiman [mailto:buanzo () buanzo com ar] Enviado el: miercoles, 30 de enero de 2002 18:09 Para: pen-test () securityfocus com Asunto: Laboratory Setup Help (RS) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =- To moderator -= Moderator, my last post didn't go thru because you told me to search the archives. I did that, and found a couple of results, but I kindly request you to let this post pass, as my findings weren't exactly what I needed. *please* :) =- EOM Hello world's pen-testers! I was employeed last month by a company who wants to setup a Pen-Test laboratory that I will lead. The environment would be an homogeneous GNU/Linux network. What I need is you to recommend versions of the following packages/combinations: FTP, Apache/Cgi/MySQL, DNS, sendmail, etc that are remotely exploitable for gaining shell access (or the possibility to execute commands on the remote system), AND some local exploits to acquire root privileges. Of course, if you can lead me to specific documentation regarding the exploits of those packages versions, I will greatly appreciate it and be most thankful. Thank you very much to all of you! Arturo "Buanzo" Busleiman - -=( RareGaZz-Team Member )=- GNU/Linux USERS, MP Ediciones GNU's es_AR Translation Team Leader Moderador de Seguridad () alipso com Turcin Soluciones Informaticas http://www.turcin.com.ar http://www.buanzo.com.ar PGP/GnuPG Public Key available at horowitz.surfnet.nl -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8WCjI+kypiSoPpFoRAorxAJ47A3y5H7PMeNDRg154XwHqznvNdwCfcTcA 4OvlZoAueBCUXWCCPTEwvTM= =1Mku -----END PGP SIGNATURE----- -------------------------------------------------------------- -------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Laboratory Setup Help (RS) Arturo "Buanzo" Busleiman (Jan 30)
- <Possible follow-ups>
- RE: Laboratory Setup Help (RS) Javier Fernandez-Sanguino (Jan 31)