Network Security Pen-Test
RE: LAN pen test

Subject: RE: LAN pen test
Date: Fri, 8 Dec 2006 18:17:13 -0200
Why don't you try ARPSpoofing, so you can own all the network, telling other
machines that you, from now on, are the router? ;-)

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On Behalf Of Bruno Cesar Moreira de Souza
Sent: Thursday, December 07, 2006 3:48 PM
To: pen-test@securityfocus.com
Subject: Re: LAN pen test

Hi

Only a review of my statement in the last post, because I think it was not clear enough:

"you could try ... exploiting an Internet Explorer flaw..."

change it to this:

"If you were doing an internal pen-test trying to own the network administrator workstation, you could try to do a DNS poisoning or just an arp poisoning attack (take a look at ettercap and dsniff) to redirect the http connection of your target to your 'evil' http service with a 0day Internet Explorer exploit."

Cheers,

Bruno Cesar M. de Souza

--- Bruno Cesar Moreira de Souza <bcmsouza@yahoo.com.br> wrote:

Hi,

For an updated XP machine, without additional network services or network applications, maybe you will need a 0day exploit - an exploit for a vulnerability not yet patched by the vendor. Sometimes, security researchers disclose 0day exploits to the public. Recently, some exploits for Internet Explorer and MS Office applications were disclosed before Microsoft could patch the holes. If you were doing an internal pen-test trying to own the network administrator workstation, you could try to do a DNS poisoning or just an arp poisoning attack (take a look at ettercap and dsniff) to redirect the target to your web site, exploiting an Internet Explorer flaw, for example.

But if you can't find a known vulnerability for your target, you can try to discover a security hole yourself and write an exploit.

A suggestion: when learning the "pen-test art", it is better to first understand more deeply the common kinds of vulnerabilities and have the fundamentals, instead of just running exploits downloaded from the web.


Best Regards,

Bruno Cesar Moreira de Souza

--- mifa@stangercorp.com wrote:

I have gone through the eh course and I still do not feel like I can really understand how to pen test.

None of the exploits or methods seem to work on an updated XP machine. I set up a VMware network to practice on. I cannot seem to make any progress because the information I have is outdated.

Can anyone point me to a resource that would help me gain access to an XP machine that is running automatic updates (my VM)? I can't seem to do it on the LAN any way other than to use a trojan, and what would be the point of pen testing a system if the only way in is via trojan; that's standard security, don't run programs from email, blah blah blah...
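
The ARP poisoning mentioned in this thread works by getting hosts to accept a false MAC address for the router's IP, which is also what makes it visible on the wire. The following is an added example, not part of the original posts: a small detector that flags changed IP-to-MAC bindings in observed ARP replies. The sample replies, the addresses, the function name and the "first MAC seen is the baseline" rule are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: (seconds, sender IP, sender MAC) from ARP replies seen on
# one LAN segment. 192.168.1.1 is assumed to be the router.
SAMPLE_ARP_REPLIES = [
    (0,  "192.168.1.1",  "00:11:22:33:44:01"),
    (5,  "192.168.1.20", "00:11:22:33:44:20"),
    (9,  "192.168.1.30", "00:11:22:33:44:30"),
    (14, "192.168.1.1",  "00:11:22:33:44:30"),  # router IP claimed by .30's MAC
    (15, "192.168.1.1",  "00:11:22:33:44:30"),  # repeated claim, reported once
    (20, "192.168.1.1",  "00:11:22:33:44:01"),  # real router answers again
]


def find_arp_anomalies(replies, gateway_ip):
    """Return findings as (time, kind, subject, detail) tuples.

    Assumption: the first MAC seen for an IP is the legitimate one. In a real
    deployment the gateway's MAC would be pinned from a trusted inventory.
    """
    first_mac = {}                  # ip -> baseline MAC
    ips_by_mac = defaultdict(set)   # mac -> every IP it has claimed
    flagged = set()                 # (ip, mac) pairs already reported
    findings = []
    for ts, ip, mac in sorted(replies):
        mac = mac.lower()
        baseline = first_mac.setdefault(ip, mac)
        ips_by_mac[mac].add(ip)
        if mac != baseline and (ip, mac) not in flagged:
            flagged.add((ip, mac))
            kind = "gateway-rebind" if ip == gateway_ip else "rebind"
            findings.append((ts, kind, ip, f"{baseline} -> {mac}"))
    # One MAC answering for several IPs, the router's among them, is the
    # second signature of a host impersonating the gateway.
    for mac, ips in sorted(ips_by_mac.items()):
        if len(ips) > 1:
            findings.append((None, "mac-claims-many-ips", mac,
                             ",".join(sorted(ips))))
    return findings


if __name__ == "__main__":
    for finding in find_arp_anomalies(SAMPLE_ARP_REPLIES, "192.168.1.1"):
        print(finding)
```

Hosts with several addresses on one interface also trigger the second check, so its findings need review against the asset inventory before they are treated as an alert.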
