Re: Exploit Archive

From: DokFLeed.Net (dokfleed@dokfleed.net)
Date: Sat Aug 14 2004 - 00:45:41 EDT


Well,
you solved your own problem: "I've been told that you can
> find many exploits out on the web, but it's been such a hassle trying to
> find all of what I'm looking for!"
The problem is: what are you looking for?

Running an automated tool will not be your salvation; most of them, even the
very expensive ones, seem to ignore some serious holes, and I mean most of
them, without naming any.
Let's say I had a client who paid $45K on tools and they couldn't pick up
what was happening, even when he chose all the audits available on each of
them.
Your worries should go away by using your own methodology; you are even in a
better situation since you aren't starting a zero-knowledge test.
* Run a discovery tool; Nmap is enough and great.
* Whatever results of open ports you get, verify them, with at least a simple
telnet to the port.
* Verify the OS fingerprinting you get, then optimize your test.
* Test only what's open; don't be a dreamer and try to audit a closed port. I
have seen it happen, and I bet each tester on his first project did it;
it's enthusiasm rather than experience.
* Enumerate the services you get; try to get the version, behavior, how it
works; read about the product, its knowledge base, support, FAQs (after
some projects, you will find out that you have learnt about most of the
products).
* Search for exploits if you can't code your own: google it, securityfocus
of course, plus hundreds of other sites.
* If you can't find any, then you will have to try your own 0day xploit :)
* Make a plan; don't just start chasing IPs. Write down the IPs, the stage
you are at, results; document everything.
Hopefully you find it all fine, but the problem then isn't technical, it's
business:
a secured customer isn't a happy customer; nobody likes to hear that they
paid money and they are OK. For them as managers it's a waste of money;
remember this.

BTW, old xploit archives aren't that valuable; you will find them easily
online, and mostly the old systems will be patched.
Try this link; I am trying to post all the links and tools there. It isn't
complete yet:
http://www.isnsc.com/links.html

Hope it helped,
DokFLeed
Would you rather hack and go to jail, or hack and get paid !

=========================
----- Original Message -----
From: "DeMott Jared" <demott_jared@bah.com>
To: <pen-test@securityfocus.com>
Sent: Tuesday, August 17, 2004 5:43 PM
Subject: Exploit Archive

> Gang:
>
> I was wondering if anyone has a nice archive of Windows, Unix, etc.
> exploits (fully functional) they'd be willing to share. I'm about to do
> the first pen-test of our network. I know that I can identify
> "potential" flaws using Nessus, but my boss has asked that I prove to
> him each and every "potential" weakness. I've been told that you can
> find many exploits out on the web, but it's been such a hassle trying to
> find all of what I'm looking for!
>
> Also, I've been reading the discussion about methodology some people
> have been having:
>
> 1.) Vulnerability Assessment
>     - Gather data
>     - Assess potential weakness
>     - Determine what current patch levels are (does someone have this data?)
>     - Recommend all necessary corrections
>
> 2.) Penetration Test
>     - Pretend not to know data
>     - Try to hack into the network
>     - Report successes or failures
>
> Does anyone have a more complete methodology paper? I've been hearing
> some of the pros and cons of the above two. Do you normally do both, or
> just whatever people want? I assume the first is more difficult and
> time consuming; is that true?
>
> The approach is certainly important, but even more intimidating: I feel
> like I need to know everything about varying brands of firewalls,
> routers, switches/hubs, VLANs, VPNs, Web Applications, Windows, Unix,
> Netware, etc., etc., etc.! I'm pretty experienced in Unix and
> Firewalls, but does anyone have any advice on dealing with the sheer
> magnitude of data necessary? Also, from the more practical tools stand
> point, do you guys just have everything loaded on one "attack" laptop?
> Dual boot, or VMware?
>
> Thanks so much!
>
> Jared DeMott
> Vulnerability Analyst
> Booz | Allen | Hamilton
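As an added example that is not part of either message above, here is the reply's discover / verify / scope / enumerate / document sequence written out as a small Python script: it parses Nmap's grepable (-oG) output, confirms each open port with the "simple telnet" check recorded as data, puts only open ports in scope, and keeps a JSON-lines engagement log. The scan output and addresses are constructed sample data (documentation-range addresses, so the live verification step only records connection errors when run against them); the function and field names are my own, not Nmap's.

```python
"""Turn Nmap grepable output (-oG) into a scoped, documented test plan.

Added example (not code from the list post): it follows the reply's steps
in order: discover with Nmap, verify each open port with a quick connection,
test only what is open, enumerate name and version, and write everything
down. The scan output below is constructed sample data, not a real scan.
"""
import json
import socket
from dataclasses import dataclass, field

# Constructed sample of Nmap grepable (-oG) output for two hosts (TEST-NET addresses).
# Field order inside each port entry is port/state/proto/owner/service/rpcinfo/version/.
SAMPLE_NMAP_GREPABLE = (
    "# Nmap 6.40 scan initiated as: nmap -sV -O -oG - 192.0.2.0/29\n"
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 5.3/, "
    "80/open/tcp//http//Apache httpd 2.2.15/, 443/closed/tcp//https///"
    "\tOS: Linux 2.6.X\n"
    "Host: 192.0.2.11 ()\tStatus: Up\n"
    "Host: 192.0.2.11 ()\tPorts: 135/open/tcp//msrpc//Microsoft Windows RPC/, "
    "445/filtered/tcp//microsoft-ds///\tOS: Microsoft Windows Server 2003\n"
    "# Nmap done -- 2 IP addresses (2 hosts up) scanned\n"
)


@dataclass
class Service:
    port: int
    proto: str
    state: str
    name: str
    version: str


@dataclass
class Host:
    address: str
    os_guess: str = ""
    services: list = field(default_factory=list)


def parse_grepable(text):
    """Step 1 (discovery): parse -oG lines into Host objects keyed by address."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # comment and summary lines carry no host data
        fields = {}
        for chunk in line.split("\t"):
            key, _, value = chunk.partition(": ")
            fields[key] = value
        address = fields["Host"].split()[0]
        host = hosts.setdefault(address, Host(address))
        if fields.get("OS"):
            host.os_guess = fields["OS"]  # step 3: keep the fingerprint to verify later
        for entry in filter(None, fields.get("Ports", "").split(", ")):
            parts = entry.split("/")
            # version text can itself contain "/", so only the leading fields are positional
            port, state, proto, _owner, name, _rpc = parts[:6]
            version = "/".join(parts[6:]).rstrip("/")
            host.services.append(Service(int(port), proto, state, name, version))
    return hosts


def build_plan(hosts):
    """Step 4: only open ports are tested; closed/filtered ones are logged as skipped."""
    plan = []
    for host in hosts.values():
        for svc in host.services:
            in_scope = svc.state == "open"
            plan.append({
                "host": host.address, "port": svc.port, "proto": svc.proto,
                "service": svc.name, "version": svc.version,  # step 5: what to read up on
                "os_guess": host.os_guess, "in_scope": in_scope,
                "stage": "enumerate" if in_scope else "skipped",
                "note": "" if in_scope else f"port is {svc.state}, not tested",
            })
    return plan


def verify_port(host, port, timeout=3.0, read_bytes=256):
    """Step 2: the reply's 'simple telnet to this port', recorded as data.
    Connects, waits briefly for a banner, and reports exactly what came back."""
    result = {"host": host, "port": port, "reachable": False, "banner": ""}
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            result["reachable"] = True
            sock.settimeout(timeout)
            try:
                data = sock.recv(read_bytes)
            except socket.timeout:
                data = b""  # silent service: HTTP, for one, waits for the client to speak
            result["banner"] = data.decode("ascii", "replace").strip()
    except OSError as exc:
        result["error"] = str(exc)  # refused, timed out, unroutable: record it, don't guess
    return result


def engagement_log(plan):
    """Step 7: one JSON line per target, the written record the reply insists on."""
    return [json.dumps(item, sort_keys=True) for item in plan]


if __name__ == "__main__":
    plan = build_plan(parse_grepable(SAMPLE_NMAP_GREPABLE))
    for item in plan:
        if item["in_scope"]:
            item["verify"] = verify_port(item["host"], item["port"], timeout=1.0)
    print("\n".join(engagement_log(plan)))
```

Feed it a real `nmap -sV -O -oG -` run of your own hosts in place of the sample string and the log lines become the "IPs, stage, results" document the reply asks for; anything not marked `open` never reaches the verification or enumeration stages.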



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:59 EDT