RE: LAN pen test

From: Clemens, Dan (Dan.Clemens@healthsouth.com)
Date: Wed Dec 06 2006 - 09:46:22 EST

• Next message: dork@gmx.at: "Re: Loading EXE files directly from memory?"
• Previous message: Clement Dupuis: "RE: Re: CISSP"
• In reply to: Jerome Athias: "Re: LAN pen test"
• Next in thread: anonymouse@anonymous.com: "Re: LAN pen test"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Tacking on something to what Jerome's posting -

Another perspective may be to try to get the list to focus more on 'why'
questions in contrast to 'how' questions.

How questions are good, but why questions tend to lend information that
the end user could learn from.

> Can anyone point me to a resource that would help me gain access to an
xp machine that is running automatic updates (my vm).

If the computer is running automatic updates you will probably have to
have an unpublished vulnerability, or try to look for ways the computer
was setup by the administrator that may lend to remote access . (eg
default or null passwords etc).

ImmunitySec has a good resource for vulnerability sharing that isn't
shared with the public at large, but I doubt that is what you are
looking for.

> I cant seem to do it one the lan any way other than to use a trojan
and what would be to point of pen testing a system if the only way in is
> via trojan; thats standard seucrity, dont run programs from email,
blah blah blah...


What about installing a few different revisions of XP on your vmware
lab.
        XP SP0
        XP SP1
        XP SP2

Or organize your vm sessions by each monthly patch to test specific
vulnerabilities that you have exploits for.

- Daniel Clemens


-----------------------------------------
Confidentiality Notice: This e-mail communication and any
attachments may contain confidential and privileged information for
the use of the designated recipients named above. If you are not
the intended recipient, you are hereby notified that you have
received this communication in error and that any review,
disclosure, dissemination, distribution or copying of it or its
contents is prohibited. If you have received this communication in
error, please notify me immediately by replying to this message and
deleting it from your computer. Thank you.

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

• Next message: dork@gmx.at: "Re: Loading EXE files directly from memory?"
• Previous message: Clement Dupuis: "RE: Re: CISSP"
• In reply to: Jerome Athias: "Re: LAN pen test"
• Next in thread: anonymouse@anonymous.com: "Re: LAN pen test"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:25 EDT