Penetration Testing mailing list archives
Re: Re[2]: Generating awareness amongst IT staff
From: pand0ra <pand0ra.usa () gmail com>
Date: Mon, 4 Dec 2006 09:59:49 -0700
http://www.bsp-gmbh.com/hercules/ Sorry, it had been a while. It is just a mainframe emulator that runs on Windows systems. On 12/4/06, nick leachman <nleachman () gmail com> wrote:
Hi, You mention an image of an AS/400 for vmware - can you please provide details? - Nick On 12/3/06, pand0ra <pand0ra.usa () gmail com> wrote: > Why is there a discussion on doing an attack against live systems? The > whole purpose if the topic is to give the administrators a clue on > security. You can demonstrate that without compromising live systems. > It takes little time to setup a VM server and attack that without > risking any live systems. Heck, you could even take the image of a > live system and use that for your VM server if you wanted to make it > more realistic. As for an AS/400 or what not there are images of those > out there as well that will run on VM. But as this is an introduction > doing something with an AS/400 is excessive. The point can be made > with a simple Windows\Linux box. It might even be helpful to give the > admins a hands-on for the demo but that depends on how responsible > they are and if you can trust them with that information (but then > again you should be able to trust them regardless or they should not > be there). > > On 12/3/06, Roman Shirokov <insecure () yandex ru> wrote: > > Hello, Jerome. > > > > You wrote > > > > > > > btw Metasploit could just be used to create a file on a target (a common > > > technique to show that a system is ownable without disturb it)... > > > > > My 3 cents... > > > /JA > > > This message was checked by NOD32 antivirus system. > > > http://www.eset.com > > > > Anyway the stack will be corrupted and unhandled execution may crash a > > system. I think using exploits on the opertional servers which have to > > function 24x7 is too dangerous. First of all agreement should be > > signed. > > > > -- > > Best regards, > > Roman > > securitybox () softhome net > > http://securitybox.org.ru > > > > > > ------------------------------------------------------------------------ > > This List Sponsored by: Cenzic > > > > Need to secure your web apps? > > Cenzic Hailstorm finds vulnerabilities fast. > > Click the link to buy it, try it or download Hailstorm for FREE. > > http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW > > ------------------------------------------------------------------------ > > > > ------------------------------------------------------------------------ > This List Sponsored by: Cenzic > > Need to secure your web apps? > Cenzic Hailstorm finds vulnerabilities fast. > Click the link to buy it, try it or download Hailstorm for FREE. > http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW > ------------------------------------------------------------------------ > > -- "The Lord bless you and keep you; the Lord make His face to shine upon you, and be gracious to you; the Lord lift up His countenance upon you, and give you peace." Num. 6:24-26
"I do not believe in free will." - Einstein ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- Re: Re: Generating awareness amongst IT staff bulgaro76 (Dec 01)
- Re: Generating awareness amongst IT staff Jerome Athias (Dec 03)
- Re[2]: Generating awareness amongst IT staff Roman Shirokov (Dec 03)
- Re: Re[2]: Generating awareness amongst IT staff pand0ra (Dec 03)
- Re: Re[2]: Generating awareness amongst IT staff nick leachman (Dec 05)
- Re: Re[2]: Generating awareness amongst IT staff pand0ra (Dec 05)
- Re[2]: Generating awareness amongst IT staff Roman Shirokov (Dec 03)
- Re: Generating awareness amongst IT staff Jerome Athias (Dec 03)
- <Possible follow-ups>
- Re: Generating awareness amongst IT staff Faheem SIDDIQUI (Dec 03)
- RE: Re: Generating awareness amongst IT staff Michael Scheidell (Dec 03)
- Re: Generating awareness amongst IT staff Eagle Fire (Dec 03)