Re: Exploit Archive

[Francisco Sáa Muñoz aka n3z <fsm () aesthechnics com>]

Quoting chewy <chewy () pandora be>:

> > On Sat, 14 Aug 2004, DokFLeed.Net wrote:
>
> > > *verify the OS fingerprinting you get , then optimize your test.
> > > *test only what's open, don't be a dreamer and try to audit a closed
> port, I
> > > have seen it happening. and I bet each tester on his first project did
> it,
> > > its the enthusiasm rather than experience.
>
> I'm just wondering how do you remotely check for applications that use a
> level of authentication based on port knocking without beeing a dreamer
> then ?


Usually, people use the software with default configuration.

When auditing, I try usually a lil' script against cd00r (hail to the first),
SAdoor, toctoc and the other portknocking's software defaults.

As easy as is.

--
]-* Francisco Sáa Muñoz a.k.a. Nuno Treez
Security Junkee since 1996
Linux User #119288
mame.dk #115087
Utinam barbari spatium proprium tuum invadant!
*-[EOF]



------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.securityfocus.com/sponsor/InfoSecInstitute_pen-test_040817
-------------------------------------------------------------------------------