VmWare and Pen-test Learning

From: IRM (irm@iinet.net.au)
Date: Sun Aug 06 2006 - 04:58:19 EDT

• Next message: StyleWar: "RE: Vulnerability Assessment vs. PenTest"
• Previous message: Will: "Rolex, Tag Heuer, Breitling, Louis Vuitton, Cartier"
• Next in thread: Erin Carroll: "RE: VmWare and Pen-test Learning"
• Reply: Erin Carroll: "RE: VmWare and Pen-test Learning"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi all,

I would like to learn about Penetration testing or maybe Vulnerability
Assessment (?) or whatever it is called. I have set up a few machines on
VMWare - Windows 2000 Server, Windows 2003 Server and Solaris 9.0. These
machines are unpatched with no updates or service pack.

Basically what I would like to achieve in this task is to demonstrate
that these machine are not secured. Thus by using a well-known exploit
that are available in the public space , people can easily exploit the
system and gain administrator privilege either by Local exploit or
Remote Exploit.

Now, the question is that, where to start? Can people suggest me where
should I start?

Should I start using Nessus and identify all the vulnerabilities that
are applicable on these machines? And start to do some research on
securityfocus.com i.e. to find the exploit?

Or maybe if there is a list of vulnerabilities for each of the operating
system, I think that would be great! Because I know that Unicode Exploit
on IIS 4.0 is quite famous at that time. Is there similar thing on
Windows 2003? Is there a list available like TOP 10 Exploit or
something?

Cheers,
John

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com for details.
------------------------------------------------------------------------------

• Next message: StyleWar: "RE: Vulnerability Assessment vs. PenTest"
• Previous message: Will: "Rolex, Tag Heuer, Breitling, Louis Vuitton, Cartier"
• Next in thread: Erin Carroll: "RE: VmWare and Pen-test Learning"
• Reply: Erin Carroll: "RE: VmWare and Pen-test Learning"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:34 EDT