Penetration Testing mailing list archives
RE: LAN pen test
From: mifa () stangercorp com
Date: Wed, 13 Dec 2006 16:57:44 -0600
That is a great suggestion. Why is snmp vulnerable before patching with the following? Microsoft Security Bulletin MS06-074 Vulnerability in SNMP Could Allow Remote Code Execution (926247) -----Original message----- From: "Clemens, Dan" Dan.Clemens () healthsouth com Date: Thu, 07 Dec 2006 19:56:16 -0600 To: "Jerome Athias" jerome.athias () free fr Subject: RE: LAN pen test
Tacking on something to what Jerome's posting - Another perspective may be to try to get the list to focus more on 'why' questions in contrast to 'how' questions. How questions are good, but why questions tend to lend information that the end user could learn from.Can anyone point me to a resource that would help me gain access to anxp machine that is running automatic updates (my vm). If the computer is running automatic updates you will probably have to have an unpublished vulnerability, or try to look for ways the computer was setup by the administrator that may lend to remote access . (eg default or null passwords etc). ImmunitySec has a good resource for vulnerability sharing that isn't shared with the public at large, but I doubt that is what you are looking for.I cant seem to do it one the lan any way other than to use a trojanand what would be to point of pen testing a system if the only way in isvia trojan; thats standard seucrity, dont run programs from email,blah blah blah... What about installing a few different revisions of XP on your vmware lab. XP SP0 XP SP1 XP SP2 Or organize your vm sessions by each monthly patch to test specific vulnerabilities that you have exploits for. - Daniel Clemens ----------------------------------------- Confidentiality Notice: This e-mail communication and any attachments may contain confidential and privileged information for the use of the designated recipients named above. If you are not the intended recipient, you are hereby notified that you have received this communication in error and that any review, disclosure, dissemination, distribution or copying of it or its contents is prohibited. If you have received this communication in error, please notify me immediately by replying to this message and deleting it from your computer. Thank you. ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- Re: LAN pen test, (continued)
- Re: LAN pen test Cleiton Martins (Dec 05)
- Re: LAN pen test killy (Dec 07)
- Re: LAN pen test Bruno Cesar Moreira de Souza (Dec 07)
- Re: LAN pen test Pete Herzog (Dec 10)
- Re: LAN pen test Christine Kronberg (Dec 11)
- Re: LAN pen test anonymouse (Dec 05)
- Re: LAN pen test Bruno Cesar Moreira de Souza (Dec 07)
- RE: LAN pen test Nelson Brito (Dec 10)
- Re: LAN pen test Krugger (Dec 10)
- Re: LAN pen test Nick (Dec 11)
- RE: LAN pen test mifa (Dec 16)