Penetration Testing mailing list archives
RE: root kit detection/penetration
From: "Chris Fahey" <cfahey () ceservices com>
Date: Thu, 15 Sep 2005 19:05:04 -0400
if you are going to root a client server you should first do a few things. let them know they are vulnerable to a rootkit attack and get authorization to exploit it. unless it is stipulated in the contract that you will exploit all vulnerabilities black box style. also, do your best that when you root the box you are doing it in the most stealthy way possible (i.e. no DoS). furthermore, document everything you do. i recommend using vmware workstation 5 as your attack platform so as that you can record all of your keystrokes, commands, clicks, etc. this will provide you and your client with very robust documentation of how the box was rooted. ________________________________ From: cdewitt () indepthsec com [mailto:cdewitt () indepthsec com] Sent: Tue 9/13/2005 9:55 AM To: pen-test () securityfocus com Subject: root kit detection/penetration What are the best practices for penetration testing the viability of placing root kits on a client's external servers - vpn, web, app...? And, while I'm asking - what are the best practices or countermeasures for root kit placement? What root kits are still viable/current? All comments/tomatoes welcome...cd ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 ------------------------------------------------------------------------------- This message (including attachments) contains confidential information from Competitive Edge Services, Ltd. intended for a specific individual and purpose. The contents of this message are protected by law and are only for the viewing or use of the intended recipient. If you are not the intended recipient, you should return this message to Competitive Edge Services, Ltd. and then delete the message. Disclosing, copying, distributing, or acting upon the contents of this message is strictly prohibited. ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- root kit detection/penetration cdewitt (Sep 14)
- RE: [lists] root kit detection/penetration Curt Purdy (Sep 14)
- Re: root kit detection/penetration Javier Fernandez-Sanguino (Sep 15)
- RE: root kit detection/penetration Omar A. Herrera (Sep 16)
- <Possible follow-ups>
- RE: root kit detection/penetration Chris Fahey (Sep 16)