Penetration Testing mailing list archives
RE: Pentesting lab
From: "Swaminathan, Balaji" <Balaji.Swaminathan () kla-tencor com>
Date: Mon, 4 Jan 2010 18:31:18 +0530
Exactly... I am doing the same thing in addition to running Win Server 2k3... Backtrack and Metasploit as attacker are good and flexible to use. As you mentioned, Netbios ports alone, I feel, are not enough... What do you say? In addition I am installing SQL, SMTP, IIS, etc. and then fine-tuning them depending upon the exploit success rate. Is that fine, or is there anything more left to focus on?

Thank you for pointing out malware testing.

Regards,
Balaji Swaminathan .M

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Elliot Fernandes
Sent: Monday, January 04, 2010 2:04 AM
To: s3c.b3n
Cc: pen-test () securityfocus com
Subject: RE: Pentesting lab

You could run vmware, and install windows xp service pack 2. Service pack 2 is used by most people in the windows world; they haven't completely shifted to vista or windows 7. It's already running vulnerable services, mostly on ports 135, 139, and 445 tcp. You just need the latest version of metasploit to test it.

For analyzing malware there's a script in python called malware analyzer http://www.beenuarora.com/code/analyse_malware.py . But you will need the PE module from google code http://code.google.com/p/pefile in the same folder. The malware analyzer is amazingly good for analyzing botnet binaries and viruses and such. You'll also need Olly Debug and IDA pro.

Have two VMs ready, one windows for the victim, and linux, preferably backtrack, for the attacker. That should about do.

Oh, you could also have a Honeypot ready to catch exploits from the wild. You could have them separated from your normal network.

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------