Penetration Testing mailing list archives

RE: LAN pen test


From: Nelson Brito <nbrito () sekure org>
Date: Fri, 8 Dec 2006 18:17:13 -0200

Why don't you try ARP spoofing, so you can own the whole network by telling the other
machines that you, from now on, are the router. ;-)

-----Original Message-----
From: listbounce () securityfocus com 
[mailto:listbounce () securityfocus com] On Behalf Of Bruno 
Cesar Moreira de Souza
Sent: Thursday, December 07, 2006 3:48 PM
To: pen-test () securityfocus com
Subject: Re: LAN pen test

Hi

Just a revision of my statement in the last post, because I
think it was not clear enough:

"you could try ... exploiting an Internet Explorer flaw..."

change it to this:

"If you were doing an internal pen-test trying to own the network administrator
workstation, you could try to do a DNS poisoning or just an arp poisoning attack
(take a look at ettercap and dsniff) to redirect the http connection of your
target to your 'evil' http service with a 0day Internet Explorer exploit."

Cheers,

Bruno Cesar M. de Souza

--- Bruno Cesar Moreira de Souza
<bcmsouza () yahoo com br> wrote:

Hi,

For an updated XP machine, without additional network services or network
applications, maybe you will need a 0day exploit - an exploit for a
vulnerability not yet patched by the vendor. Sometimes, security researchers
disclose 0day exploits to the public. Recently, some exploits for Internet
Explorer and MS Office applications were disclosed before Microsoft could patch
the holes. If you were doing an internal pen-test trying to own the network
administrator workstation, you could try to do a DNS poisoning or just an arp
poisoning attack (take a look at ettercap and dsniff) to redirect the target to
your web site, exploiting an Internet Explorer flaw, for example.

But if you can't find a known vulnerability for your target, you can try to
discover a security hole yourself and write an exploit.

A suggestion: in learning the "pen-test art" it is better to first understand
the common kinds of vulnerabilities more deeply and have the fundamentals,
instead of just running exploits downloaded from the web.


Best Regards,

Bruno Cesar Moreira de Souza

--- mifa () stangercorp com wrote:

I have gone through the eh course and I still do not feel like I can really
understand how to pen test.

None of the exploits or methods seem to work on an updated XP machine. I set
up a VMware network to practice on. I can not seem to make any progress
because the information I have is outdated.

Can anyone point me to a resource that would help me gain access to an XP
machine that is running automatic updates (my VM)? I can't seem to do it on
the LAN any way other than to use a trojan, and what would be the point of pen
testing a system if the only way in is via trojan; that's standard security,
don't run programs from email, blah blah blah...



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

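The attack suggested in this thread (a host on the LAN announcing the router's IP with its own MAC so that traffic is redirected through it) is exactly what an arpwatch-style monitor looks for. The following detector is an added example, not code from the thread or from ettercap/dsniff; the ARP reply records, addresses and the `detect_arp_spoof` function are all constructed here for illustration.

```python
# Added example (not from the thread): minimal arpwatch-style detection of the
# "I am now the router" ARP spoofing attack. It flags any IP whose MAC changes
# (critical when it is the gateway) and any one MAC that claims several IPs,
# which is what a full man-in-the-middle between hosts and gateway looks like.
from collections import defaultdict

# Constructed ARP replies as (timestamp, sender_ip, sender_mac). In practice
# these would be read from a sniffer (tcpdump, scapy) on the monitored segment.
ARP_REPLIES = [
    (1, "192.168.1.1",  "00:11:22:33:44:01"),  # real router, first seen
    (2, "192.168.1.10", "00:11:22:33:44:10"),  # ordinary host
    (3, "192.168.1.11", "00:11:22:33:44:11"),  # the host that will spoof
    (4, "192.168.1.1",  "00:11:22:33:44:11"),  # .11 now claims the router IP
    (5, "192.168.1.10", "00:11:22:33:44:11"),  # ...and the victim's IP as well
]


def detect_arp_spoof(replies, gateway_ip, baseline=None):
    """Return (timestamp, severity, message) alerts for the given ARP replies.

    baseline optionally seeds the IP->MAC table from a trusted source (e.g. the
    switch's ARP table) so that a spoof of the very first reply is not missed.
    """
    ip_to_mac = dict(baseline or {})
    mac_to_ips = defaultdict(set)
    for ip, mac in ip_to_mac.items():
        mac_to_ips[mac].add(ip)
    alerts = []
    for ts, ip, mac in replies:
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            severity = "CRITICAL" if ip == gateway_ip else "WARNING"
            alerts.append((ts, severity, f"{ip} moved from {previous} to {mac}"))
        ip_to_mac[ip] = mac
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            if len(mac_to_ips[mac]) > 1:  # one MAC answering for several IPs
                claimed = ", ".join(sorted(mac_to_ips[mac]))
                alerts.append((ts, "WARNING", f"{mac} claims {claimed}"))
    return alerts


if __name__ == "__main__":
    for ts, severity, msg in detect_arp_spoof(ARP_REPLIES, "192.168.1.1"):
        print(f"t={ts} {severity}: {msg}")
```

A baseline taken from a known-good moment matters: without it the monitor learns whatever MAC answers first for the gateway, so a spoof that starts before the monitor does is never reported.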