Penetration Testing mailing list archives
Re: LAN pen test
From: Bruno Cesar Moreira de Souza <bcmsouza () yahoo com br>
Date: Thu, 7 Dec 2006 00:41:06 -0300 (ART)
Hi,

For an updated XP machine, without additional network services or network applications, maybe you will need a 0day exploit - an exploit for a vulnerability not yet patched by the vendor. Sometimes, security researchers disclose 0day exploits to the public. Recently, some exploits for Internet Explorer and MS Office applications were disclosed before Microsoft could patch the holes.

If you were doing an internal pen-test trying to own the network administrator workstation, you could try to do a DNS poisoning or just an ARP poisoning attack (take a look at ettercap and dsniff) to redirect the target to your web site, exploiting an Internet Explorer flaw, for example. But if you can't find a known vulnerability for your target, you can try to discover a security hole yourself and write an exploit.

A suggestion: in learning the "pen-test art" it is better to first understand the common kinds of vulnerabilities more deeply and have the fundamentals, instead of just running exploits downloaded from the web.

Best Regards,
Bruno Cesar Moreira de Souza

--- mifa () stangercorp com wrote:
I have gone through the eh course and I still do not feel like I can really understand how to pen test. None of the exploits or methods seem to work on an updated XP machine. I set up a VMware network to practice on. I cannot seem to make any progress because the information I have is outdated. Can anyone point me to a resource that would help me gain access to an XP machine that is running automatic updates (my VM)? I can't seem to do it on the LAN any way other than to use a trojan, and what would be the point of pen testing a system if the only way in is via trojan; that's standard security, don't run programs from email, blah blah blah...
------------------------------------------------------------------------
This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------