From: Ramsey Consulting Services (ramseycs@bellsouth.net)
Date: Tue Aug 17 2004 - 20:26:45 EDT
Have you looked at PacketStorm? http://www.packetstormsecurity.org/ .
They have a lot of exploit code there, as well as links to various
tools, papers, word lists, etc. Re: feeling like you need to know
*everything*, while knowing the ins and outs of a lot of hardware,
software, and OS's doesnt hurt (Learn all you can! It helps, and its
fun!), I dont think its necessary to know everything about every piece
of kit out there to do what youre trying to do here. Think about it...
what would your attacker need to know to get the job done? Everything
about everything, or everything about *your* hardware? If I were an
attacker, I would feel out your network first, then learn everything I
could about your particular operating systems, services, and hardware,
then attack it. You may have already read this book, but you might take
a look at Network Security Assessment by Chris McNab (Its an Oreilly
book). Its not a particularly long book, but its a good start, in my
opinion. Its an easy read, covers various methods of information
gathering, tools, and exploits (with examples, as well as links to
download the tools and code for yourself).
Dedric Ramsey
Ramsey Consulting Services
DeMott Jared wrote:
> Gang:
>
> I was wondering if anyone has a nice archive of Windows, Unix, etc.
> exploits (fully functional) they'd be willing to share. I'm about to do
> the first pen-test of our network. I know that I can identify
> "potential" flaws using Nessus, but my boss has asked that I prove to
> him each and every "potential" weakness. I've been told that you can
> find many exploits out on the web, but it's been such a hassle trying to
> find all of what I'm looking for!
>
> Also, I've been reading the discussion about methodology some people
> have been having:
>
> 1.) Vulnerability Assessment 2.) Penetration Test
> -Gather data -Pretend not
> to know data
> -Assess potential weakness -Try to Hack into
> the network
> -Determine what current patch levels are -Report successes or
> failures
> (does someone have this data?)
> -Recommend all necessary corrections
>
> Does anyone have a more complete methodology paper? I've been hearing
> some of the pros and cons of the above two. Do you normally do both, or
> just whatever people what? I assume the first is more difficult and
> time consuming; is that true?
>
> The approach is certainly important, but even more intimidating: I feel
> like I need to know everything about varying brands of firewalls,
> routers, switches/hubs, VLANs, VPNs, Web Applications, Windows, Unix,
> Netware, etc., etc., etc.! I'm pretty experienced in Unix and
> Firewalls, but does anyone have any advise on dealing with the shear
> magnitude of data necessary? Also, from the more practical tools stand
> point, do you guys just have everything loaded on one "attack" laptop.
> Dual boot, or VmWare?
>
> Thanks so much!
>
> Jared DeMott
> Vulnerability Analyst
> Booz | Allen | Hamilton
>
>
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:59 EDT