Penetration Testing mailing list archives
RE: Exploit Archive
From: Víctor Chapela <victorc () emlink com mx>
Date: Tue, 17 Aug 2004 23:54:01 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

For exploits try searching Packetstorm, you will find most exploits there. I usually start from the dirtree; it's easier than trying to use the half-broken search feature.
http://www.packetstormsecurity.org/dirtree.html

For methodology try www.osstmm.org/

For pen testing I have dual boot + vmware running on Windows and Linux + a second laptop (with dual boot as well). What works for me is a base OS with a basic set of tools installed and then task-specific vmware images on top (both for testing and attacking). I install and uninstall software on the vmware images as I go (and then just revert when I'm finished). Pen testing Windows environments can be done from a Windows box fairly easily, but everything else (*nix, network devices and wireless) will in most cases only be possible from a Linux box.

I have also found that testing attacks in my own vmware emulated environment before trying it on my client's target helps to speed up the pentest and reduce uncertainty along the way.

Regarding the approach: research as you go. You can't possibly know everything upfront; it's too much and moves too fast. Each pen test is a learning experience, try new things every time (even if it seems not to be necessary).

I just try to have as much fun as I can! The rest is easy if you enjoy it.

Victor

- -----Original Message-----
From: DeMott Jared [mailto:demott_jared () bah com]
Sent: Tuesday, August 17, 2004 8:44 AM
To: pen-test () securityfocus com
Subject: Exploit Archive

Gang:

I was wondering if anyone has a nice archive of Windows, Unix, etc. exploits (fully functional) they'd be willing to share. I'm about to do the first pen-test of our network. I know that I can identify "potential" flaws using Nessus, but my boss has asked that I prove to him each and every "potential" weakness. I've been told that you can find many exploits out on the web, but it's been such a hassle trying to find all of what I'm looking for!

Also, I've been reading the discussion about methodology some people have been having:

1.) Vulnerability Assessment
2.) Penetration Test
-Gather data
-Pretend not to know data
-Assess potential weakness
-Try to Hack into the network
-Determine what current patch levels are
-Report successes or failures (does someone have this data?)
-Recommend all necessary corrections

Does anyone have a more complete methodology paper? I've been hearing some of the pros and cons of the above two. Do you normally do both, or just whatever people want? I assume the first is more difficult and time consuming; is that true?

The approach is certainly important, but even more intimidating: I feel like I need to know everything about varying brands of firewalls, routers, switches/hubs, VLANs, VPNs, Web Applications, Windows, Unix, Netware, etc., etc., etc.! I'm pretty experienced in Unix and Firewalls, but does anyone have any advice on dealing with the sheer magnitude of data necessary?

Also, from the more practical tools standpoint, do you guys just have everything loaded on one "attack" laptop? Dual boot, or VmWare?

Thanks so much!

Jared DeMott
Vulnerability Analyst
Booz | Allen | Hamilton

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQSL9CL6TmquzxiX9EQLU8ACg1QRe4SqU3ihUgfjOp2Y1MlID/hMAoPN4
OUWhdaoe5QqVwMref5cTnLgY
=jm+D
-----END PGP SIGNATURE-----
Current thread:
- Re: Exploit Archive, (continued)
- Re: Exploit Archive chewy (Aug 19)
- Re: Exploit Archive Francisco Sáa Muñoz aka n3z (Aug 20)
- Re: Exploit Archive Kevin Sheldrake (Aug 18)
- Re: Exploit Archive Ereshkigal (Aug 19)
- Re: Exploit Archive Jacob Uecker (Aug 18)
- Re: Exploit Archive A.R. (Aug 19)
- Re: Exploit Archive Ramsey Consulting Services (Aug 19)
- Re: Exploit Archive Senser (Aug 20)
- Re: Exploit Archive Robert Rich (Aug 20)
- RE: Exploit Archive Michael Zanetta (Aug 23)
- Re: Exploit Archive Robert Rich (Aug 20)
- RE: Exploit Archive Víctor Chapela (Aug 20)
- RE: Exploit Archive Todd Towles (Aug 20)
- Re: Exploit Archive Jacob Uecker (Aug 20)
- Re: Exploit Archive Jose Maria Lopez (Aug 24)
- Re: Exploit Archive Jacob Uecker (Aug 20)
- RE: Exploit Archive Altheide, Cory B. (IARC) (Aug 20)
- RE: Exploit Archive Strand, John (Aug 21)
- Re: Exploit Archive bora . dal (Aug 23)
- RE: Exploit Archive Todd Towles (Aug 24)
- Re: Exploit Archive George Lantz (Aug 24)