Network Security Pen-Test

RE: Exploit Archive

Subject: RE: Exploit Archive
Date: Tue, 17 Aug 2004 23:54:01 -0700
 

For exploits try searching Packetstorm, you will find most exploits
there. I usually start from the dirtree, it's easier than trying to use
the half-broken search feature.
http://www.packetstormsecurity.org/dirtree.html

For methodology try www.osstmm.org/

For pen testing I have dual boot + vmware running on Windows and
Linux + a second laptop (with dual boot as well).
 
What works for me is a base OS with a basic set of tools installed
and then task specific vmware images on top (both for testing and
attacking). I install and uninstall software on the vmware images as
I go (and then just revert when I'm finished).
Pen testing Windows environments can be done from a Windows box
fairly easily, but everything else (*nix, network devices and wireless)
will in most cases only be possible from a Linux box. I have also
found that testing attacks in my own vmware emulated environment
before trying them on my client's target helps to speed up the pentest
and reduce uncertainty along the way.

Regarding the approach: research as you go. You can't possibly know
everything upfront, it's too much and moves too fast. Each pen test is
a learning experience, try new things every time (even if it seems
not to be necessary). I just try to have as much fun as I can! The
rest is easy if you enjoy it.

Victor


-----Original Message-----
From: DeMott Jared [mailto:demott_jared@bah.com]
Sent: Tuesday, August 17, 2004 8:44 AM
To: pen-test@securityfocus.com
Subject: Exploit Archive

Gang:

I was wondering if anyone has a nice archive of Windows, Unix, etc.
exploits (fully functional) they'd be willing to share.  I'm about to
do the first pen-test of our network.  I know that I can identify
"potential" flaws using Nessus, but my boss has asked that I prove to
him each and every "potential" weakness.  I've been told that you can
find many exploits out on the web, but it's been such a hassle trying
to find all of what I'm looking for!

Also, I've been reading the discussion about methodology some people
have been having:

1.) Vulnerability Assessment
    - Gather data
    - Assess potential weakness
    - Determine what current patch levels are
      (does someone have this data?)
    - Recommend all necessary corrections

2.) Penetration Test
    - Pretend not to know data
    - Try to hack into the network
    - Report successes or failures

Does anyone have a more complete methodology paper?  I've been
hearing some of the pros and cons of the above two.  Do you normally
do both, or just whatever people want?  I assume the first is more
difficult and time consuming; is that true?

The approach is certainly important, but even more intimidating:  I
feel like I need to know everything about varying brands of
firewalls, routers, switches/hubs, VLANs, VPNs, Web Applications,
Windows, Unix, Netware, etc., etc., etc.!  I'm pretty experienced in
Unix and Firewalls, but does anyone have any advice on dealing with
the sheer magnitude of data necessary?  Also, from the more practical
tools standpoint, do you guys just have everything loaded on one
"attack" laptop?  Dual boot, or VMware?

Thanks so much!

Jared DeMott
Vulnerability Analyst
Booz | Allen | Hamilton


