Penetration Testing mailing list archives
Re: Re[2]: Generating awareness amongst IT staff
From: pand0ra <pand0ra.usa () gmail com>
Date: Sun, 3 Dec 2006 14:57:18 -0700
Why is there a discussion on doing an attack against live systems? The whole purpose if the topic is to give the administrators a clue on security. You can demonstrate that without compromising live systems. It takes little time to setup a VM server and attack that without risking any live systems. Heck, you could even take the image of a live system and use that for your VM server if you wanted to make it more realistic. As for an AS/400 or what not there are images of those out there as well that will run on VM. But as this is an introduction doing something with an AS/400 is excessive. The point can be made with a simple Windows\Linux box. It might even be helpful to give the admins a hands-on for the demo but that depends on how responsible they are and if you can trust them with that information (but then again you should be able to trust them regardless or they should not be there). On 12/3/06, Roman Shirokov <insecure () yandex ru> wrote:
Hello, Jerome. You wrote > btw Metasploit could just be used to create a file on a target (a common > technique to show that a system is ownable without disturb it)... > My 3 cents... > /JA > This message was checked by NOD32 antivirus system. > http://www.eset.com Anyway the stack will be corrupted and unhandled execution may crash a system. I think using exploits on the opertional servers which have to function 24x7 is too dangerous. First of all agreement should be signed. -- Best regards, Roman securitybox () softhome net http://securitybox.org.ru ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- Re: Re: Generating awareness amongst IT staff bulgaro76 (Dec 01)
- Re: Generating awareness amongst IT staff Jerome Athias (Dec 03)
- Re[2]: Generating awareness amongst IT staff Roman Shirokov (Dec 03)
- Re: Re[2]: Generating awareness amongst IT staff pand0ra (Dec 03)
- Re: Re[2]: Generating awareness amongst IT staff nick leachman (Dec 05)
- Re: Re[2]: Generating awareness amongst IT staff pand0ra (Dec 05)
- Re[2]: Generating awareness amongst IT staff Roman Shirokov (Dec 03)
- Re: Generating awareness amongst IT staff Jerome Athias (Dec 03)
- <Possible follow-ups>
- Re: Generating awareness amongst IT staff Faheem SIDDIQUI (Dec 03)
- RE: Re: Generating awareness amongst IT staff Michael Scheidell (Dec 03)
- Re: Generating awareness amongst IT staff Eagle Fire (Dec 03)