Penetration tool kit

From: Steve Armstrong (stevearmstrong@logicallysecure.com)
Date: Thu Mar 16 2006 - 17:09:33 EST


Philippe
I am not sure what you are after, but if it is knowledge you seek, then
the best way is to walk the walk and play with the tools.

However, with so many out there you need to give yourself boundaries, or
you will never reach a milestone.

I was always told you should learn an OS like you administer it on a day
to day basis. Then learn another one to the same level (industry would
dictate a Windows and a *nix OS would be key starters).
 
Then learn a language you can use - i.e. one that you will take forward
and use in your day to day work. If you want to develop your own exploits
or understand the ones you are using then look at C++ or C#. Perl is a
common language as is awk, and both can be used to automate your testing
and daily routine. Personally, I find Fedora Core an excellent base OS
and I use many shell scripts to automate and gather the information I
want/need.
 
As to tools, I always believe you should play with and understand every tool
in your box, else you run the risk of breaking your targets at
inopportune times, through misuse of your cmdline.
 
To add to your toolset, I would suggest:
 
THC-Hydra (http://www.thc.org/download.php?t=r&f=hydra-5.2-src.tar.gz)
is an excellent brute forcing tool (I never got great results with
Brutus)

AMap (http://www.thc.org/download.php?t=r&f=amap-5.2.tar.gz) - I know
this is sort of in nmap but I like to run it separately.

GFI (www.gfi.com) - Their Languard Network Security Scanner (NSS) is
good, but I believe version 3.3 was the best for identifying Windows
epmap and domain info, as more recent versions have much less 'public'
information.

Cain & Abel (http://www.oxid.it/cain.html) is very good for sniffing and
capturing data for pen testing purposes - as well as a load of other
handy functions.
 
Finally, although a crippled demo, bidiblah
(http://www.sensepost.com/research/bidiblah/) from Sensepost is a good
tool that can be used to gather open-source data about targets (if you
are looking into your info gathering procedures).
 

To add to your websites, www.milw0rm.com is very good for open source
remote, local and DoS exploits. Up to about 2 days ago I would have
suggested www.frsirt.com, but they closed their public exploit
repository :-( .
 
While I am not sure you are into books (as your list doesn't include any),
any of the Hacking Exposed series are very handy when stuck, or
just looking for a break from the screen.
 
 
Steve A
 
stevearmstrong<at>logicallysecure.com

 

________________________________

From: b1ivrj77
Sent: Thu 16/03/2006 06:00
To: pen-test@securityfocus.com
Subject: Penetration tool kit

I have read over the internet, books, pdf's and talked with a lot of people
about security, hacking, cracking and pen-testing. Every time we always talk
about the "Personal tool kit" that every one uses, may it be a complete or
incomplete tool kit, the best or worst we all have some tools we like to
use. Well I don't.
 
I wouldn't say I'm new to security but I can be so bold as to say, I'm good
with theoretical knowledge but pretty poor with practical ones. I want to
start a few pen-tests on my own machine (to learn stuff up) at home and I'm not
afraid of reading or learning things. But finding the right tool for the
right job is for me the most difficult task in security.
 
 
I see two approaches to my problem and I can explain them both with: "Give a
man a fish; he is fed for a day. Teach him how to fish, he is fed for
life".
 
I would like to know where I could find info & tips on a Pen-tester tool
box. And I do favor knowledge over script-kidding.
 
Here is the knowledge tool box I have:
 
www.insecure.org
http://www.securityfocus.com/
http://www.sans.org/
http://www.isecom.org/
http://www.networkintrusion.co.uk/hacking.htm
http://www.iss.net/
http://www.defcon.org/
http://www.snort.org/
http://www.blackhat.com/
http://www.whitehatsec.com/
 
For the tool part, I know:
 
Nessus
Nmap
Nc (netcat)
Ethereal
Hping2
Brutus
Enum+
AccessDiver (got that one today from a previous email, really happy)
Nbtscan
 
I use a Windows based laptop and my most trusted Mandriva based laptop
(Linux).
 
 
Any help would be greatly appreciated.
 
 
 
Philippe Rivest
A security student (self student)
 
 
------------------------------------------------------------------------
------
This List Sponsored by: Cenzic
 
Concerned about Web Application Security?
As attacks through web applications continue to rise, you need to
proactively
protect your applications from hackers. Cenzic has the most
comprehensive
solutions to meet your application security penetration testing and
vulnerability management needs. You have an option to go with a managed
service (Cenzic ClickToSecure) or an enterprise software (Cenzic
Hailstorm).
Download FREE whitepaper on how a managed service can help you:
http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm
your
results from other product. Contact us at request@cenzic.com
------------------------------------------------------------------------
------
 
 
 




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:42 EDT