Network Security Pen-Test

Re: Most Successful Exploits/Tools to use against windows & Linux?

Subject: Re: Most Successful Exploits/Tools to use against windows & Linux?
Date: Sat, 26 May 2007 11:40:27 +0100
Pen Testee wrote:
I am just getting started with Pen Testing and there is soooo much
information available.
I am trying to get the most bang for my time spent in getting up to speed.
What are the best exploits to start with so that I am likely to have the most
success.
I am looking for suggestions from both within a network and from an external
test...please label internal or external when providing your response.

What are the best links that list tools to use against exploits or exploits
to try and tools to use.

When you're starting out, you don't need tools. That's the way to
becoming a script kiddie. What you need is understanding. You need to
learn how systems work, what mistakes their administrators/programmers
make that make them vulnerable, and how those mistakes are exploited in
order to crack the box. Once you understand what you're doing, you'll be
able to choose the right tool for the right circumstances. Once you've
chosen the tool, it'll just make your process more efficient.

OK, lecture over, here's my answer. :o) Note it's /my/ answer - it's
rather subjective.

For external servers, start with SQL injection. It's easy to do and easy
to understand. It's also remarkable how many programmers make the
mistake of putting user input directly into their database queries. This
makes it an attack vector with a high chance of success.

For internal attacks you should be looking at network sniffing. Despite
the increased use of SSL based protocols, there are still loads of
legacy applications in use that send passwords in plain text over
internal networks. You only need to spot one password and chances are
it'll let you into all sorts of accounts. So you'll want to get a book
on TCP/IP and learn to use something like Wireshark to pull passwords
off the wires.
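To make the SQL injection point concrete, here is an added illustration (not code from the original post): a small Python/sqlite3 script with a constructed users table, showing the "user input pasted into the query" mistake beside the parameterized fix, and how each responds to a tautology in the password field.

```python
import sqlite3


def make_db():
    # Constructed sample table for the demonstration only.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pw TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn, name, pw):
    # The mistake described in the post: user input concatenated straight
    # into the SQL text, so the database parses the input as part of the query.
    sql = "SELECT name FROM users WHERE name = '%s' AND pw = '%s'" % (name, pw)
    return sorted(r[0] for r in conn.execute(sql))


def login_safe(conn, name, pw):
    # The fix: bind parameters. The driver hands the values to the engine as
    # data, so quotes or keywords in the input can never alter the query shape.
    sql = "SELECT name FROM users WHERE name = ? AND pw = ?"
    return sorted(r[0] for r in conn.execute(sql, (name, pw)))


def demo():
    conn = make_db()
    good = ("alice", "s3cret")
    # Constructed tautology input for the password field: in the concatenated
    # version it becomes  ... AND pw = '' OR '1'='1'  and matches every row.
    tautology = ("alice", "' OR '1'='1")
    return {
        "vuln_good": login_vulnerable(conn, *good),      # ['alice']
        "vuln_tautology": login_vulnerable(conn, *tautology),  # ['alice', 'bob']
        "safe_good": login_safe(conn, *good),            # ['alice']
        "safe_tautology": login_safe(conn, *tautology),  # []
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

When reviewing code for this class of bug, any query built with `%`, `+`, f-strings or `.format()` from request data is the pattern to look for; the parameterized form is the same fix in every SQL driver.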

