RE: VmWare and Pen-test Learning

["Erin Carroll" <amoeba () amoebazone com>]

Welcome to the pen-test world John. 

Now before everyone freaks out about why I let essentially a basic newbie
question on the list here's why and what kind of responses I was hoping for:
I like to play pool. But in order to get better I do lots of drills of
simple shots over and over. Some people prefer to practice in other ways. In
a similar vein, what types of exercises should John do to increase his
skills and expand his knowledge? I know how I practice my pen-test skills to
stay sharp but hearing some other methods people use might give me some
ideas or other ways to tackle things.

So, he's got Vmware and a couple of images to play with. What kinds of
drills should he work on?

--
Erin Carroll
Moderator
SecurityFocus pen-test list
"Do Not Taunt Happy-Fun Ball" 

> -----Original Message-----
> From: IRM [mailto:irm () iinet net au] 
> Sent: Sunday, August 06, 2006 1:58 AM
> To: pen-test () securityfocus com
> Subject: VmWare and Pen-test Learning
>
> Hi all,
>
> I would like to learn about Penetration testing or maybe 
> Vulnerability Assessment (?) or whatever it is called. I have 
> set up a few machines on VMWare - Windows 2000 Server, 
> Windows 2003 Server and Solaris 9.0. These machines are 
> unpatched with no updates or service pack. 
>
> Basically what I would like to achieve in this task is to 
> demonstrate that these machine are not secured. Thus by using 
> a well-known exploit that are available in the public space , 
> people can easily exploit the system and gain administrator 
> privilege either by Local exploit or Remote Exploit.
>
> Now, the question is that, where to start? Can people suggest 
> me where should I start? 
>
> Should I start using Nessus and identify all the 
> vulnerabilities that are applicable on these machines? And 
> start to do some research on securityfocus.com i.e. to find 
> the exploit?
>
> Or maybe if there is a list of vulnerabilities for each of 
> the operating system, I think that would be great! Because I 
> know that Unicode Exploit on IIS 4.0 is quite famous at that 
> time. Is there similar thing on Windows 2003? Is there a list 
> available like TOP 10 Exploit or something?
>
> Cheers,
> John
>
>
>
>  
>
>
> --------------------------------------------------------------
> ----------------
> This List Sponsored by: Cenzic
>
> Concerned about Web Application Security? 
> Why not go with the #1 solution - Cenzic, the only one to win 
> the Analyst's Choice Award from eWeek. As attacks through web 
> applications continue to rise, you need to proactively 
> protect your applications from hackers. Cenzic has the most 
> comprehensive solutions to meet your application security 
> penetration testing and vulnerability management needs. You 
> have an option to go with a managed service (Cenzic 
> ClickToSecure) or an enterprise software (Cenzic Hailstorm). 
> Download FREE whitepaper on how a managed service can help 
> you: http://www.cenzic.com/news_events/wpappsec.php
> And, now for a limited time we can do a FREE audit for you to 
> confirm your results from other product. Contact us at 
> request () cenzic com for details.
> --------------------------------------------------------------
> ----------------
>
>
> --
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.1.394 / Virus Database: 268.10.7/410 - Release 
> Date: 8/5/2006
>  

-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.394 / Virus Database: 268.10.7/410 - Release Date: 8/5/2006
 


------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's 
Choice Award from eWeek. As attacks through web applications continue to rise, 
you need to proactively protect your applications from hackers. Cenzic has the 
most comprehensive solutions to meet your application security penetration 
testing and vulnerability management needs. You have an option to go with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------