RE: Pentesting lab

["Reggie Wheeler" <wheeler90 () comcast net>]

Metasploit is a great free tool. That is now owned by a company called
Rapid7 that makes a great free and somewhat expensive security tool called
Nexpose.  This is a tool that I use alongside metasploit due to the fact
that it will point out exploits that are readily exploitable with
metasploit.  I can even run my scans for vulnerabilities and exploit them
with metasploit autopwn.  If the exploits are not available in metasploit I
can look them up via CVE: # and then search the vast number of exploits with
in the Milw0rm database.  This doesn't make me a script kiddie it just means
that I don't write my own exploits.  I do however have to modify some or
most of the Milw0rm exploit code in order to get a remote shell.


Thank You,
Reginald Wheeler, Owner
A+, Networking+, MCSE 2003
1907 Hampton Dr.
Sandy Springs, GA 30350
Ph:678.615.2997
wheeler90 () comcast net
Universal Systems Consulting LLC
Simplifying IT





-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Matt Gardenghi
Sent: Monday, February 15, 2010 3:42 PM
To: woman
Cc: s3c.b3n; pen-test () securityfocus com
Subject: Re: Pentesting lab

Um, you just said that Metasploit is a script kiddies tool.  Not sure if
your define script kiddies tools as "free" and professional tools as
"expensive," but that statement is ludicrous.  Most (all?) pros that I have
ever heard of/met/read use Metasploit.  You can't go wrong with it and
frankly, I'd stand it up against Core Impact any day of the week.  
The difference is that Core has a better interface.

But, seriously, Metasploit isn't a skiddie tool, it's a powerful tool that
happens to be free.

/rant

On 2/10/2010 5:25 PM, woman wrote:
> Hi,
>
> Just keep your expectation on low level when you will tell at the work 
> interview about that you are using metasploit.
> In the real word at the security companies this tool is considered as 
> tool for kids under age 12.
>
> Additional thing:
> Someone here wrote about malware analysis. I don't think that you have 
> to study both subjects at one time:
> One subject is pen-testing and second subject is malware analysis.
>
> For doing pen-testing you have to gain a huge knowledge NETWORKING --> 
> protocols and relevant RFC , devices; bridges, routers, switches, etc 
> ...
> For doing malware analysis you have to know Operating System 
> infrastructure -->  processes, memory, etc ... and of course C and 
> Assembly
>
> My advise : just leave malware analysis for later time.
>
> -----------
> Woman
>
>
> On Sat, Jan 9, 2010 at 7:20 PM, s3c.b3n<securitybender () gmail com>  wrote:
>    
> > This link is really amazing.
> >
> > Thanks a lot
> >
> > On Tue, Jan 5, 2010 at 3:32 PM, charles watathi 
> > <charleswatathi () gmail com>  wrote:
> >      
> > > Hi,
> > >
> > > For a detailed review of what you can setup when coming up with a 
> > > pentesting lab, kindly check the link below. It includes most of the 
> > > labs you should setup,security challenges and where you can go and 
> > > "train"
> > >
> > > http://blog.securitymonks.com/2009/08/23/learning-by-doing-hacker-ch
> > > allenges-and-practice-sites/
> > >
> > > Regards
> > > Charles
> > >
> > > On 1/4/10, Elliot Fernandes<elliotfernandes () yahoo com>  wrote:
> > >        
> > > > For pentesting windows your setup seems good, but not enough. Try 
> > > > to get more, like: you'd need to test out attacking SNMP, bruteforcing
SSH, ....
> > > > and also have a large wordlist ready for all of this, and generate 
> > > > some rainbow tables. You'd need these for password attacks.
> > > >
> > > > --- On Mon, 1/4/10, Swaminathan, 
> > > > Balaji<Balaji.Swaminathan () kla-tencor com>
> > > > wrote:
> > > >
> > > >          
> > > > > From: Swaminathan, Balaji<Balaji.Swaminathan () kla-tencor com>
> > > > > Subject: RE: Pentesting lab
> > > > > To: "Elliot Fernandes"<elliotfernandes () yahoo com>, "s3c.b3n"
> > > > > <securitybender () gmail com>
> > > > > Cc: pen-test () securityfocus com
> > > > > Date: Monday, January 4, 2010, 5:01 PM
> > > > >
> > > > > Exactly....I am doing the same thing in addition to running Win 
> > > > > Server 2k3...Backtrack and Metasploit as attacker are good and 
> > > > > flexible to use.
> > > > > As you mentioned Netbios ports alone, I feel, are not enough...Wat 
> > > > > do you say...? In addition i am installing SQL, SMTP, IIS and etc 
> > > > > and then fine tuning them depending upon the exploit success rate.
> > > > > Is that fine
> > > > > or anything more left to be focused?
> > > > >
> > > > > Thank you for pointing out malware testing.
> > > > >
> > > > >
> > > > > Regards,
> > > > >
> > > > > Balaji Swaminathan .M
> > > > >
> > > > >
> > > > > -----Original Message-----
> > > > > From: listbounce () securityfocus com 
> > > > > [mailto:listbounce () securityfocus com]
> > > > > On Behalf Of Elliot Fernandes
> > > > > Sent: Monday, January 04, 2010 2:04 AM
> > > > > To: s3c.b3n
> > > > > Cc: pen-test () securityfocus com
> > > > > Subject: RE: Pentesting lab
> > > > >
> > > > > You could run vmware, and install windows xp service pack 2. 
> > > > > service pack 2 is used by most people in the windows world, they 
> > > > > havent completely shifted to vista or windows 7. It's already 
> > > > > running vulnerable services mostly on ports 135,139, and 445 tcp.
> > > > > You just need
> > > > > the latest version of metasploit to test it. For analyzing malware 
> > > > > there's a script in python called malware analyzer 
> > > > > http://www.beenuarora.com/code/analyse_malware.py . But you will 
> > > > > need the PE module from google code 
> > > > > http://code.google.com/p/pefile in the same folder. The malware 
> > > > > analyzer is amazingly good for analyzing botnet-binaries and 
> > > > > viruses and such. You'll also need Olly Debug and IDA pro. Have 
> > > > > two VMs ready, one windows for the victim, and linux, preferably 
> > > > > backtrack for the attacker. That should about do. Oh, you could 
> > > > > also have a Honeypot ready to catch exploits from the wild. you 
> > > > > could have them separated from your normal network.
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > ------------------------------------------------------------------
> > > > > ------ This list is sponsored by: Information Assurance 
> > > > > Certification Review Board
> > > > >
> > > > > Prove to peers and potential employers without a doubt that you 
> > > > > can actually do a proper penetration test. IACRB CPT and CEPT 
> > > > > certs require a full practical examination in order to become 
> > > > > certified.
> > > > >
> > > > >
> > > > > http://www.iacertification.org
> > > > > ------------------------------------------------------------------
> > > > > ------
> > > > >
> > > > >
> > > > >            
> > > >
> > > >
> > > >
> > > > -------------------------------------------------------------------
> > > > ----- This list is sponsored by: Information Assurance 
> > > > Certification Review Board
> > > >
> > > > Prove to peers and potential employers without a doubt that you can 
> > > > actually do a proper penetration test. IACRB CPT and CEPT certs 
> > > > require a full practical examination in order to become certified.
> > > >
> > > > http://www.iacertification.org
> > > > -------------------------------------------------------------------
> > > > -----
> > > >
> > > >
> > > >          
> > >        
> >
> >
> > --
> > s3c b3n
> >
> > ---------------------------------------------------------------------
> > --- This list is sponsored by: Information Assurance Certification 
> > Review Board
> >
> > Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs require a
full practical examination in order to become certified.
> > http://www.iacertification.org
> > ---------------------------------------------------------------------
> > ---
> >
> >
> >      
> ----------------------------------------------------------------------
> -- This list is sponsored by: Information Assurance Certification 
> Review Board
>
> Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs require a
full practical examination in order to become certified.
> http://www.iacertification.org
> ----------------------------------------------------------------------
> --
>
>    

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually
do a proper penetration test. IACRB CPT and CEPT certs require a full
practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------