Penetration Testing mailing list archives

Re: Exploit Archive


From: "Kevin Sheldrake" <kev () electriccat co uk>
Date: Wed, 18 Aug 2004 07:19:24 +0100

www.k-otik.com (but you'll need to be able to read French)
www.securityfocus.com - use the search feature for service names and versions
www.packetstormsecurity.org - ;)
www.tgs-security.com - read their papers

Get yourself a play rig where you can test things out.

And, above all, if you're not confident, hire a good consultant.

Kev


Gang:

I was wondering if anyone has a nice archive of Windows, Unix, etc.
exploits (fully functional) they'd be willing to share.  I'm about to do
the first pen-test of our network.  I know that I can identify
"potential" flaws using Nessus, but my boss has asked that I prove to
him each and every "potential" weakness.  I've been told that you can
find many exploits out on the web, but it's been such a hassle trying to
find all of what I'm looking for!

Also, I've been reading the discussion about methodology some people
have been having:

1.) Vulnerability Assessment
    -Gather data
    -Assess potential weakness
    -Determine what current patch levels are
     (does someone have this data?)
    -Recommend all necessary corrections

2.) Penetration Test
    -Pretend not to know data
    -Try to Hack into the network
    -Report successes or failures

Does anyone have a more complete methodology paper?  I've been hearing
some of the pros and cons of the above two.  Do you normally do both, or
just whatever people want?  I assume the first is more difficult and
time consuming; is that true?

The approach is certainly important, but even more intimidating:  I feel
like I need to know everything about varying brands of firewalls,
routers, switches/hubs, VLANs, VPNs, Web Applications, Windows, Unix,
Netware, etc., etc., etc.!  I'm pretty experienced in Unix and
Firewalls, but does anyone have any advice on dealing with the sheer
magnitude of data necessary?  Also, from the more practical tools stand
point, do you guys just have everything loaded on one "attack" laptop?
Dual boot, or VMware?

Thanks so much!

Jared DeMott
Vulnerability Analyst
Booz | Allen | Hamilton

--
Kevin Sheldrake MEng MIEE CEng CISSP
Electric Cat (Bournemouth) Ltd

