Re: LAN pen test

[Bruno Cesar Moreira de Souza <bcmsouza () yahoo com br>]

Hi

Only a review of my statement in the last post,
because I think was not enough clear:

"you could try ... exploiting an Internet Explorer
flaw..."

change for this:

"If you were doing an internal pen-test trying to own
the network administrator workstation, you could try
to do a DNS poisoning or just an arp poisoning attack
(take a look on ettercap and dsniff) to redirect the
http connection of your target, for your 'evil' http
service with a 0day Internet Explorer exploit."

Cheers,

Bruno Cesar M. de Souza

--- Bruno Cesar Moreira de Souza
<bcmsouza () yahoo com br> escreveu:

> Hi,
>
> For an updated XP machine, whithout additional
> network
> services or network applications, maybe you will
> need
> a 0day exploit - an exploit for a vulnerability not
> yet patched by the vendor. Sometimes, security
> researches disclose 0day exploits for the public.
> Recently, some exploits for Internet Explorer and MS
> Office applications were disclosed before Microsoft
> could patch the holes. If you were doing an internal
> pen-test trying to own the network administrator
> workstation, you could try to do a DNS poisoning or
> just an arp poisoning attack (take a look on
> ettercap
> and dsniff) to redirect the target for your web
> site,
> exploiting an Internet Explorer flaw, for example.
>
> But if you can´t find a known vulnerability for your
> target, you can try by yourself discover a security
> hole and write an exploit. 
>
> A suggestion: in the learning of the "pen-test art"
> is
> better to first understand deeper the common kinds
> of
> vulnerabilities and have the fundamentals, instead
> of
> just run exploits downloaded from the web.
>
>
> Best Regards,
>
> Bruno Cesar Moreira de Souza
>
> --- mifa () stangercorp com escreveu:
>
> > I have gone through the eh course and I still do
> not
> > feel like I can really understand how to pen test.
>
> > None of the exploits or methods seem to work on a
> > updated xp machine.  I set up a vm ware network to
> > practice on.  I can not seem to make any progress
> > because the information I have is outdated.  
> >
> > Can anyone point me to a resource that would help
> me
> > gain access to an xp machine that is running
> > automatic updates (my vm).  I cant seem to do it
> one
> > the lan any way other than to use a trojan and
> what
> > would be to point of pen testing a system if the
> > only way in is via trojan; thats standard
> seucrity,
> > dont run programs from email, blah blah blah...
------------------------------------------------------------------------
> > This List Sponsored by: Cenzic
> >
> > Need to secure your web apps?
> > Cenzic Hailstorm finds vulnerabilities fast.
> > Click the link to buy it, try it or download
> > Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
> >
------------------------------------------------------------------------
> >
>
>
>
>       
>
>       
>               
_______________________________________________________
> Você quer respostas para suas perguntas? Ou você
> sabe muito e quer compartilhar seu conhecimento?
> Experimente o Yahoo! Respostas !
> http://br.answers.yahoo.com/


__________________________________________________
Fale com seus amigos  de graça com o novo Yahoo! Messenger 
http://br.messenger.yahoo.com/ 

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------