Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Exploit Archive

From: Ramsey Consulting Services <ramseycs () bellsouth net>
Date: Tue, 17 Aug 2004 20:26:45 -0400
Have you looked at PacketStorm? http://www.packetstormsecurity.org/ . They have a lot of exploit code there, as well as links to various tools, papers, word lists, etc. Re: feeling like you need to know *everything*, while knowing the ins and outs of a lot of hardware, software, and OS's doesnt hurt (Learn all you can! It helps, and its fun!), I dont think its necessary to know everything about every piece of kit out there to do what youre trying to do here. Think about it... what would your attacker need to know to get the job done? Everything about everything, or everything about *your* hardware? If I were an attacker, I would feel out your network first, then learn everything I could about your particular operating systems, services, and hardware, then attack it. You may have already read this book, but you might take a look at Network Security Assessment by Chris McNab (Its an Oreilly book). Its not a particularly long book, but its a good start, in my opinion. Its an easy read, covers various methods of information gathering, tools, and exploits (with examples, as well as links to download the tools and code for yourself). 

Dedric Ramsey
Ramsey Consulting Services


DeMott Jared wrote:

Gang:

I was wondering if anyone has a nice archive of Windows, Unix, etc.
exploits (fully functional) they'd be willing to share.  I'm about to do
the first pen-test of our network.  I know that I can identify
"potential" flaws using Nessus, but my boss has asked that I prove to
him each and every "potential" weakness.  I've been told that you can
find many exploits out on the web, but it's been such a hassle trying to
find all of what I'm looking for!

Also, I've been reading the discussion about methodology some people
have been having:

1.) Vulnerability Assessment                  2.) Penetration Test
    -Gather data                                            -Pretend not
to know data
    -Assess potential weakness                      -Try to Hack into
the network
    -Determine what current patch levels are   -Report successes or
failures
     (does someone have this data?)
    -Recommend all necessary corrections

Does anyone have a more complete methodology paper?  I've been hearing
some of the pros and cons of the above two.  Do you normally do both, or
just whatever people what?  I assume the first is more difficult and
time consuming; is that true?

The approach is certainly important, but even more intimidating:  I feel
like I need to know everything about varying brands of firewalls,
routers, switches/hubs, VLANs, VPNs, Web Applications, Windows, Unix,
Netware, etc., etc., etc.!  I'm pretty experienced in Unix and
Firewalls, but does anyone have any advise on dealing with the shear
magnitude of data necessary?  Also, from the more practical tools stand
point, do you guys just have everything loaded on one "attack" laptop.
Dual boot, or VmWare?

Thanks so much!

Jared DeMott
Vulnerability Analyst
Booz | Allen | Hamilton
Previous By Date Next
Previous By Thread Next

Current thread: