RE: root kit detection/penetration

From: Chris Fahey (cfahey@ceservices.com)
Date: Thu Sep 15 2005 - 19:05:04 EDT

• Next message: Sekurity Wizard: "RE: Pen test, tcp/1404 found - advice needed"
• Previous message: Andre Ludwig: "Re: Pen test, tcp/1404 found - advice needed"
• Maybe in reply to: cdewitt@indepthsec.com: "root kit detection/penetration"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

if you are going to root a client server you should first do a few things.
let them know they are vulnerable to a rootkit attack and get authorization to exploit it. unless it is stipulated in the contract that you will exploit all vulnerabilities black box style. also, do your best that when you root the box you are doing it in the most stealthy way possible (i.e. no DoS). furthermore, document everything you do. i recommend using vmware workstation 5 as your attack platform so as that you can record all of your keystrokes, commands, clicks, etc. this will provide you and your client with very robust documentation of how the box was rooted.

________________________________

From: cdewitt@indepthsec.com [mailto:cdewitt@indepthsec.com]
Sent: Tue 9/13/2005 9:55 AM
To: pen-test@securityfocus.com
Subject: root kit detection/penetration

What are the best practices for penetration testing the viability of placing root kits on a client's external servers - vpn, web, app...?

And, while I'm asking - what are the best practices or countermeasures for root kit placement?

What root kits are still viable/current?

All comments/tomatoes welcome...cd

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

This message (including attachments) contains confidential information from Competitive Edge Services, Ltd. intended for a specific individual and purpose. The contents of this message are protected by law and are only for the viewing or use of the intended recipient. If you are not the intended recipient, you should return this message to Competitive Edge Services, Ltd. and then delete the message. Disclosing, copying, distributing, or acting upon the contents of this message is strictly prohibited.

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Next message: Sekurity Wizard: "RE: Pen test, tcp/1404 found - advice needed"
• Previous message: Andre Ludwig: "Re: Pen test, tcp/1404 found - advice needed"
• Maybe in reply to: cdewitt@indepthsec.com: "root kit detection/penetration"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:55 EDT