Penetration Testing mailing list archives

Re: linux pen-test


From: Chris Benedict <chrisb () daemonnews org>
Date: Tue, 09 Aug 2005 20:56:29 -0500



okrehel () loews com wrote:
Bruno,

Tried to get application versions of these services and see if they have
any security flaws reported in the past.
Use "nc" or "telnet" to service, grab banners.

My 2 cents:
That is not always accurate though; the admin can easily modify a few lines of code and change the version number or anything else the banner displays.

SMTP maybe can list users, port 80 could have a web server with cgi or
some application running bugs, run nikto or other CGI scanners.
Maybe you can upload some code into the web server.  Be creative.
Maybe 110 pop3 can give you some info about users, perhaps you can brute
force some accounts there, etc...

Ondrej Krehel

<SNIP>
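
Added example, not part of the original thread: a loopback-only Python sketch of the point made in the reply above, that a banner is an operator-chosen string and a version parsed from it is a claim, not a measurement. The product name `ExampleMTA`, the host name, and the helper names are constructed for illustration.

```python
import re
import socket
import threading

def serve_banner(banner: bytes) -> int:
    """Start a loopback listener that sends `banner` to one client; return its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))            # port 0: the OS picks a free port
    srv.listen(1)

    def handle() -> None:
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)          # the greeting is whatever the operator configured
        srv.close()

    threading.Thread(target=handle, daemon=True).start()
    return srv.getsockname()[1]

def grab_banner(host: str, port: int, timeout: float = 3.0) -> str:
    """Read the greeting line a service sends on connect (what `nc host port` shows)."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            while not data.endswith(b"\n") and len(data) < 1024:
                chunk = s.recv(256)
                if not chunk:
                    break
                data += chunk
        except socket.timeout:
            pass                          # silent service: return what was read
    return data.decode("ascii", errors="replace").strip()

# "Product 1.2.3", "Product/1.2.3" or "Product_1.2.3"
VERSION_RE = re.compile(r"([A-Za-z][\w.-]*)[/_ ]v?(\d+(?:\.\d+)+\w*)")

def claimed_version(banner: str):
    """Return (product, version) as claimed by the banner, or None if it discloses none."""
    m = VERSION_RE.search(banner)
    return (m.group(1), m.group(2)) if m else None

def demo() -> list:
    """Identical listener code, three configured strings: the 'version' follows the string."""
    banners = [b"220 mail.example.test ESMTP ExampleMTA 1.2.3\r\n",  # constructed sample
               b"220 mail.example.test ESMTP ExampleMTA 9.9.9\r\n",  # version edited
               b"220 mail.example.test ESMTP\r\n"]                   # version removed
    return [claimed_version(grab_banner("127.0.0.1", serve_banner(b))) for b in banners]

if __name__ == "__main__":
    print(demo())
```

The service behind all three greetings is the same code, so an assessment or asset inventory should treat a banner-derived version as unverified until it is confirmed from package or patch data on the host.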
