RE: Pen Testing Map

From: Clemens, Dan (Dan.Clemens@healthsouth.com)
Date: Fri Jul 07 2006 - 09:51:13 EDT



I think this gives a good visual representation of the use of many
tools. I don't necessarily think introducing new students to all the
tools is the best way to formalize them into the art of penetration
testing.

Are you stressing of equal importance to the new pentester the value of
asking the right questions so they can use the right tools? Or is the
goal to have things as repeatable as possible or other...?

Outside of philosophy, I had just a few notes to add while I can:

Port 80/http services
        - add httprint.
Terminal Services/3389
        - add TSGrinder
        http://www.blackhat.com/presentations/bh-u...s-03-mullen.pdf
        tsgrinder-2.03
SSH
        - add scanssh
        - also add review of hostkey files, for each user on the machine
          to see what other machines the end user connects to.

Also, I didn't see anything for Microsoft SQL servers in your list, nor
did I see the viewing of web applications or anything for MySQL.

I would also add in a section for every web application server along
with default usernames and configurations to check out for each
application server.

I saw a lot of items for automated SQL scanners, but did not see any
proxy tools, or documentation to guide the pentester into the strange
waters of web application testing.

You could also add, once you gain some level of access to a computer, to do
x,y,z (checking permissions etc).


-Daniel Clemens
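
[Added example, not part of the original message: the hostkey-file point above seen from the defender's side, as a short audit of how many hostnames a user's known_hosts file exposes in clear text versus OpenSSH's hashed format. The sample entries, hostnames and truncated keys are constructed, and the function name is hypothetical.]

```python
# Added example: audit a known_hosts file for entries that reveal, in clear
# text, which machines a user connects to. All sample data is constructed.
SAMPLE_KNOWN_HOSTS = """\
# constructed sample entries (keys are truncated placeholders)
build01.example.internal,10.0.5.17 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7
[git.example.internal]:2222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF9x
|1|F1E1KeoE/eEWhi10WpGv4OdiO6Y=|3988QV0VE8wmZL7suNrYQLITLCg= ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB
@cert-authority *.example.internal ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDd
"""


def audit_known_hosts(text):
    """Return (sorted clear-text host patterns, count of hashed entries)."""
    exposed, hashed = set(), 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        fields = line.split()
        # An optional marker (@cert-authority, @revoked) precedes the hosts.
        if fields[0].startswith("@"):
            fields = fields[1:]
        if len(fields) < 3:
            continue  # malformed: need hosts, key type and key
        host_field = fields[0]
        if host_field.startswith("|1|"):
            hashed += 1  # hashed entry: hostname is not readable
            continue
        for pattern in host_field.split(","):
            # Non-default ports are written as [host]:port
            if pattern.startswith("["):
                pattern = pattern[1:].split("]", 1)[0]
            exposed.add(pattern)
    return sorted(exposed), hashed


if __name__ == "__main__":
    hosts, hashed_count = audit_known_hosts(SAMPLE_KNOWN_HOSTS)
    print("hashed entries:", hashed_count)
    for h in hosts:
        print("clear-text host:", h)
```

Setting `HashKnownHosts yes` in ssh_config hashes new entries, and `ssh-keygen -H` converts an existing file, so a copied known_hosts file no longer lists the hosts by name.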


-----Original Message-----
From: killy [mailto:killfactory@gmail.com]
Sent: Thursday, July 06, 2006 9:45 PM
To: Mario Platt
Cc: Toggmeister@vulnerabilityassessment.co.uk;
pen-test@securityfocus.com
Subject: Re: Pen Testing Map

@ Togg
nice. a lot of work.

@Mario
I would love to see what you did also.

@everyone else
Anyone else have something similar to share?

On 7/6/06, Mario Platt <mplatt@gmail.com> wrote:
> Hi Toggmeister,
>
> I've done something a bit similar, it has some things that yours
> doesn't have but I think yours is more complete. I will send it to
> you, and if you want to post it or take some ideas from it, be my
> guest
>
> On 6 Jul 2006 19:08:58 -0000,
> Toggmeister@vulnerabilityassessment.co.uk
> <Toggmeister@vulnerabilityassessment.co.uk> wrote:
> > Hi,
> >
> > I've been pen testing for a few months now and find that with all
> > the tools out there and which tool to use on what I lose track. We also
> > have new joiners to our organisation and to help with that I've STARTED
> > to put together a help guide to a basic pen test, including what
> > requirements are needed for the test, tools to use on what, syntax, links
> > to their sites etc. I'm basically after:
> >
> >
> > Constructive Feedback
> >
> > Helpful tips and pointers:
> >
> > Tools and Syntax for other ports not listed
> >
> > (I've done about 25 services so far)
> >
> > Other Suggestions
> >
> >
> > It's available here:
> >
> >
> > http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
> >
> >
> > It's very busy, but I'm trying to be as verbose as possible to
> > provide as much info as possible. Basically a one-stop shop for a
> > newbie
> >
> >
> > I've used freemind (thanks for the pointer nebs)
> > http://freemind.sourceforge.net/wiki/index.php/Main_Page
> >
> > to generate this and I'm hoping may prove useful and a good reminder
> > when I forget.
> >
> >
> > Hope this helps. TIA
> >
> >
> > Toggmeister
> >
> > http://www.vulnerabilityassessment.co.uk
> >
> > --------------------------------------------------------------------
> > ----------
> > This List Sponsored by: Cenzic
> >
> > Concerned about Web Application Security?
> > Why not go with the #1 solution - Cenzic, the only one to win the
> > Analyst's Choice Award from eWeek. As attacks through web
> > applications continue to rise, you need to proactively protect your
> > applications from hackers. Cenzic has the most comprehensive
> > solutions to meet your application security penetration testing and
> > vulnerability management needs. You have an option to go with a
> > managed service (Cenzic ClickToSecure) or an enterprise software
> > (Cenzic Hailstorm). Download FREE whitepaper on how a managed
> > service can help you: http://www.cenzic.com/news_events/wpappsec.php
> > And, now for a limited time we can do a FREE audit for you to
> > confirm your results from other product. Contact us at
request@cenzic.com for details.
> > --------------------------------------------------------------------
> > ----------
> >
> >
>



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:14 EDT