Security Basics mailing list archives
Re: which is next step after using tools in penetration testing?
From: Vivek P <iamherevivek () gmail com>
Date: Tue, 3 Mar 2009 21:15:17 -0800
Hi Manoj, I really appreciate your effort to do an internal penetration testing for your organization ;). I am sharing some method I suggest to my team of penetration testers (when they are under training). 1. Assume that you do not know any thing about the system that you are attacking / pen testing (this will help you do justice to what you do, you being I.T. Engineer could have alot of information about the apps being used at your organisation) 2. Make sure that you just have the basic information like domain names / ip addresses and applications that are running on them.. 3. Use the list of approaches & tools listed at www.vulnerabilityassessment.co.uk (Thanks to Kevin Orrey) as a sample list of tools / methods that you can use to explore holes / vulnerability 4. Once you short list the holes and vulnerabilities, sit with your production team, CTO / CISO / CIO to choose which vulnerabilities need to be exploited to prove your point that these holes are serious and could affect business. 5. With the list of exploits to be executed, as our friends explained before, go with metasploit framework and search exploits from the milw0rm or similar websites. 6. Also i would advise you to go through securityfocus.com and other sites where these vulnerabilities, its exploits and their tracks are maintained. wishing an interesting pen test exercise. -- Regards Vivek P Nair VP Technology | Head Special Services Group Appin Software Security Private Limited | vivekp () appinonline com | vivek.p () appinlabs com | 09999668010 | d3adbra1n.wordpress.com | Three ways to gain Success 1. know more than others 2. work more than others 3. expect less than others On Tue, Feb 24, 2009 at 8:25 PM, manoj karkhanis <mkarkhanis () gmail com> wrote:
Hi All, i am doing pt for our organisation internally but as per as my experience i am not able to any expoit usig tools so i want to what is next step after tools. as i know that we can use scripting tools for this. i am I.T. Engineeer. and i understand syntax of java , c++. but i came to know that perl, python are most useful languages. please someone help me . Regards, Manoj
Current thread:
- Re: which is next step after using tools in penetration testing? m . amit30 (Mar 02)
- RE: which is next step after using tools in penetration testing? Rafael Torrales Levaggi (Mar 03)
- Re: which is next step after using tools in penetration testing? Abhishek Kumar (Mar 03)
- <Possible follow-ups>
- Re: which is next step after using tools in penetration testing? praveen_recker (Mar 03)
- Re: which is next step after using tools in penetration testing? Serg B (Mar 03)
- Re: which is next step after using tools in penetration testing? Vivek P (Mar 04)
- Re: which is next step after using tools in penetration testing? Meenal Mukadam (Mar 04)
- Re: which is next step after using tools in penetration testing? rohnskii (Mar 05)
- Re: Re: which is next step after using tools in penetration testing? dan . crowley (Mar 05)