Re: LAN pen test

From: Bruno Cesar Moreira de Souza (bcmsouza@yahoo.com.br)
Date: Wed Dec 06 2006 - 22:41:06 EST


Hi,

For an updated XP machine, without additional network
services or network applications, maybe you will need
a 0day exploit - an exploit for a vulnerability not
yet patched by the vendor. Sometimes, security
researchers disclose 0day exploits to the public.
Recently, some exploits for Internet Explorer and MS
Office applications were disclosed before Microsoft
could patch the holes. If you were doing an internal
pen-test trying to own the network administrator
workstation, you could try to do a DNS poisoning or
just an arp poisoning attack (take a look at ettercap
and dsniff) to redirect the target to your web site,
exploiting an Internet Explorer flaw, for example.

But if you can't find a known vulnerability for your
target, you can try to discover a security hole
yourself and write an exploit.

A suggestion: in learning the "pen-test art" it is
better to first understand more deeply the common kinds
of vulnerabilities and have the fundamentals, instead of
just running exploits downloaded from the web.

Best Regards,

Bruno Cesar Moreira de Souza

--- mifa@stangercorp.com wrote:

> I have gone through the eh course and I still do not
> feel like I can really understand how to pen test.
> None of the exploits or methods seem to work on an
> updated XP machine. I set up a VMware network to
> practice on. I cannot seem to make any progress
> because the information I have is outdated.
>
> Can anyone point me to a resource that would help me
> gain access to an XP machine that is running
> automatic updates (my VM)? I can't seem to do it on
> the LAN any way other than to use a trojan, and what
> would be the point of pen testing a system if the
> only way in is via trojan; that's standard security,
> don't run programs from email, blah blah blah...

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:25 EDT