Penetration Testing mailing list archives
Re: Cross testing exploit with vulnerability scan results
From: Chroot <chrooted () gmail com>
Date: Sun, 29 Jul 2007 09:50:42 +0530
Wood, without knowing all facts making a statement is not a sign of pen tester.. I'm here to share something with fellow testers and not to know what I am and what I am not... Nevertheless I appreciate and agree with your success story and that of Steve's... I have had similar experience... vulnerability scanners often miss configuration, authentication and authorization flaws... and a whole lot of stuff... Having said that I understand what Vulnerability Scanners do well and use them for that... and if I've come across well that is what I meant in my query... Let's take this scenario: 1. We run NMAP and find that target runs IIS6.0 (through banner grabbing and telneting) 2. We run Nessus and find that it doesn't report any holes 3. We run WebInspect and manually test for SQL Injection, XSS and similar issues Let's assume a scenario where Nessus had an issue with some NASL script and it couldn't catch a issue in this IIS6.0 ... To counter such scenarios I can think of three cases: 1. Run Retina on the target and cross check results 2. Download all possible exploits for IIS6.0 and manually test them against target (ofcourse I'll test them on my test network first) 3. Install another version of Nessus may be 2.x or 3.x on a Windows system and cross check... My query with fellow testers is is there a fourth option and what is a preferred option from 3 above and why.. THNX On 7/28/07, Morning Wood <se_cur_ity () hotmail com> wrote:
I've been conducting pen tests since 4 yrs now... the methodology I follow is that we exploit or attempt to exploit ONLY those vulnerabilities that a vulnerability scanner identifies.your not a pentester... your a vulnerability scanner kiddi... nothing more, nothing less. Nearly 100% of my successfull pentest were from flaws not uncovered by a vuln scan, found by manual techniques. cheers! m.w
------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Cross testing exploit with vulnerability scan results Chroot (Jul 27)
- Re: Cross testing exploit with vulnerability scan results John M. Martinelli (Jul 28)
- Re: Cross testing exploit with vulnerability scan results Morning Wood (Jul 28)
- Re: Cross testing exploit with vulnerability scan results Jan Heisterkamp (Jul 28)
- Re: Cross testing exploit with vulnerability scan results Chroot (Jul 28)
- Re: Cross testing exploit with vulnerability scan results Christine Kronberg (Jul 29)
- RE: Cross testing exploit with vulnerability scan results Steve Armstrong (Jul 28)
- RE: Cross testing exploit with vulnerability scan results Sol_Invictus (Jul 28)
- Re: Cross testing exploit with vulnerability scan results Chroot (Jul 30)
- Looking to set up an infosec lab John M. Martinelli (Jul 30)
- RE: Cross testing exploit with vulnerability scan results Sol_Invictus (Jul 28)
- Re: Cross testing exploit with vulnerability scan results Anders Thulin (Jul 29)
- Re: Cross testing exploit with vulnerability scan results jussi jaakonaho (Jul 29)