Penetration Testing mailing list archives
RE: LAN pen test
From: "Clemens, Dan" <Dan.Clemens () healthsouth com>
Date: Wed, 6 Dec 2006 08:46:22 -0600
Tacking on something to what Jerome's posting - Another perspective may be to try to get the list to focus more on 'why' questions in contrast to 'how' questions. How questions are good, but why questions tend to lend information that the end user could learn from.
Can anyone point me to a resource that would help me gain access to an
xp machine that is running automatic updates (my vm). If the computer is running automatic updates you will probably have to have an unpublished vulnerability, or try to look for ways the computer was setup by the administrator that may lend to remote access . (eg default or null passwords etc). ImmunitySec has a good resource for vulnerability sharing that isn't shared with the public at large, but I doubt that is what you are looking for.
I cant seem to do it one the lan any way other than to use a trojan
and what would be to point of pen testing a system if the only way in is
via trojan; thats standard seucrity, dont run programs from email,
blah blah blah... What about installing a few different revisions of XP on your vmware lab. XP SP0 XP SP1 XP SP2 Or organize your vm sessions by each monthly patch to test specific vulnerabilities that you have exploits for. - Daniel Clemens ----------------------------------------- Confidentiality Notice: This e-mail communication and any attachments may contain confidential and privileged information for the use of the designated recipients named above. If you are not the intended recipient, you are hereby notified that you have received this communication in error and that any review, disclosure, dissemination, distribution or copying of it or its contents is prohibited. If you have received this communication in error, please notify me immediately by replying to this message and deleting it from your computer. Thank you. ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- LAN pen test mifa (Dec 05)
- Re: LAN pen test Jerome Athias (Dec 05)
- Re: LAN pen test Krugger (Dec 07)
- RE: LAN pen test Clemens, Dan (Dec 07)
- Re: LAN pen test Cleiton Martins (Dec 05)
- Re: LAN pen test killy (Dec 07)
- Re: LAN pen test Bruno Cesar Moreira de Souza (Dec 07)
- Re: LAN pen test Pete Herzog (Dec 10)
- Re: LAN pen test Christine Kronberg (Dec 11)
- <Possible follow-ups>
- Re: LAN pen test anonymouse (Dec 05)
- Re: LAN pen test Bruno Cesar Moreira de Souza (Dec 07)
- RE: LAN pen test Nelson Brito (Dec 10)
- Re: LAN pen test Krugger (Dec 10)
- Re: LAN pen test Nick (Dec 11)
(Thread continues...)
- Re: LAN pen test Jerome Athias (Dec 05)