Penetration Testing mailing list archives
Re: nessus exceptions
From: "Andres Riancho" <andresit () fibertel com ar>
Date: Tue, 3 Aug 2004 23:24:47 -0300
Chris,

It depends on the type of scan your company pays for, but if you want and are careful with what you do, you could put one or two unchecked inputs on your webpage in order to get some kind of XSS/SQL injection. These kinds of tests aren't checked (by default, with default plugins) by Nessus.

If you are looking for something more like a buffer overflow, I suggest you don't put any service online with this kind of flaw, because your testing company could not find them with Nessus or the scanner they use, but a skilled cracker/hacker/whatever could.

Maybe you could put some daemon from the honeypot project [www.honeypots.net] to listen on some host that is scanned but ain't really important. But once again... production servers are not a good place to test this.

Andres Riancho

----- Original Message -----
From: "Chris Griffin" <cgriffin () dcmindiana com>
To: <pen-test () securityfocus com>
Sent: Monday, August 02, 2004 3:58 PM
Subject: nessus exceptions

Hi list,

I'm trying to find some good holes, that aren't major security issues, that I can create on a machine to see if our testing company really uses anything other than Nessus.