Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Pen-test Freesshd 1.10

from [Clemens, Dan] Network Security [Permanent Link]
Subject: RE: Pen-test Freesshd 1.10
Date: Fri, 22 Dec 2006 08:45:07 -0600 


Steven,

Don't get too discouraged. 

As far as using the metasploit module for this, have you tried different
payloads?
Have you validated the operating system you are attacking?

As for other avenues - 
 
What other services are running on the box?
Have you tried enumerating users on the machine?
Have you tried brute forcing logins with hydra?
Have you checked to see what udp services are running?
Did you look at all the ports on the box or did you run nmap <target>
with the default port options?

Are you getting any errors on ./slashing with metasploit?
Have you tried sniffing the connection for your exploit to see if
anything comes back?
Do you firewall rules setup on your attacking machine?

Just thought I'd throw out questions for you. We all get stuck from time
to time and sometimes an outside party asking questions can re-jog your
memory or help you troubleshoot.

-Daniel Clemens

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Saehrig, Steven
Sent: Thursday, December 21, 2006 1:57 PM
To: pen-test@securityfocus.com
Subject: Pen-test Freesshd 1.10

Hello all,

This is the first time sending to the list I would like to know some way
to pen-test a sftp server I have setup on our network. I have tried nmap
for open ports and I have tried metasploit for buffer overflows that I
found on Google. Are there any programs or tricks I should know to try
and break into this. I am basically proving the security of the
application for production use.
Thank you for any advise you can give me.

Steven

------------------------------------------------------------------------
------------------------------------------------------------------------
--
This e-mail and any attachments transmitted with it are proprietary,
confidential and legally protected from disclosure.If you are not the
intended recipient, or agent of the intended recipient, you are hereby
notified that any reading, disclosure, distribution, or use of this
message or its attachments is strictly prohibited. If you received this
message in error, please notify the sender immediately and delete or
destroy all copies of the message and any attachments thereto.

-----------------------------------------
Confidentiality Notice: This e-mail communication and any
attachments may contain confidential and privileged information for
the use of the designated recipients named above. If you are not
the intended recipient, you are hereby notified that you have
received this communication in error and that any review,
disclosure, dissemination, distribution or copying of it or its
contents is prohibited. If you have received this communication in
error, please notify me immediately by replying to this message and
deleting it from your computer. Thank you.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Port 1443, Lee Lawson
Next by Date:  Re: Banner Grabbing, sami ghourabi
Previous by Thread:  Pen-test Freesshd 1.10, Saehrig, Steven
Next by Thread:  Re: Pen-test Freesshd 1.10, Jamie Riden
Indexes:  [Date] [Thread] [Top] [All Lists]