Re: Exploit Archive

[Ereshkigal <ereshkigal () gmail com>]

http://www.bekkoame.ne.jp/~s_ita/port/port1-99.html is quite handy as
a quick reference.  It's basically a standard port list of the more
common exploits.  If there's something legit also on that port, it's
generally listed as well.  Example:
1       tcp/udp tcpmux  TCP Port Service Multiplexer
1       udp     #       Sockets des Troie
The exploits are nicely highlighted in red, too.  I use it primarily
as a quick reference to see what may be happening on a customer's
machine.

Ereshkigal
ereshkigal () gmail com

On Wed, 18 Aug 2004 07:19:24 +0100, Kevin Sheldrake
<kev () electriccat co uk> wrote:
> www.k-otik.com (but you'll need to be able to read French)
> www.securityfocus.com - use the search feature for service names and
> versions
> www.packetstormsecurity.org - ;)
> www.tgs-security.com - read their papers
>
> Get yourself a play rig where you cat test things out.
>
> And, above all, if you're not confident, hire a good consultant.
>
> Kev
>
> > Gang:
> >
> > I was wondering if anyone has a nice archive of Windows, Unix, etc.
> > exploits (fully functional) they'd be willing to share.  I'm about to do
> > the first pen-test of our network.  I know that I can identify
> > "potential" flaws using Nessus, but my boss has asked that I prove to
> > him each and every "potential" weakness.  I've been told that you can
> > find many exploits out on the web, but it's been such a hassle trying to
> > find all of what I'm looking for!
> >
> > Also, I've been reading the discussion about methodology some people
> > have been having:
> >
> > 1.) Vulnerability Assessment                  2.) Penetration Test
> >     -Gather data                                            -Pretend not
> > to know data
> >     -Assess potential weakness                      -Try to Hack into
> > the network
> >     -Determine what current patch levels are   -Report successes or
> > failures
> >      (does someone have this data?)
> >     -Recommend all necessary corrections
> >
> > Does anyone have a more complete methodology paper?  I've been hearing
> > some of the pros and cons of the above two.  Do you normally do both, or
> > just whatever people what?  I assume the first is more difficult and
> > time consuming; is that true?
> >
> > The approach is certainly important, but even more intimidating:  I feel
> > like I need to know everything about varying brands of firewalls,
> > routers, switches/hubs, VLANs, VPNs, Web Applications, Windows, Unix,
> > Netware, etc., etc., etc.!  I'm pretty experienced in Unix and
> > Firewalls, but does anyone have any advise on dealing with the shear
> > magnitude of data necessary?  Also, from the more practical tools stand
> > point, do you guys just have everything loaded on one "attack" laptop.
> > Dual boot, or VmWare?
> >
> > Thanks so much!
> >
> > Jared DeMott
> > Vulnerability Analyst
> > Booz | Allen | Hamilton
>
> --
> Kevin Sheldrake MEng MIEE CEng CISSP
> Electric Cat (Bournemouth) Ltd
>
> --
> Outgoing mail is certified Virus Free.
> Checked by AVG Anti-Virus (http://www.grisoft.com).
> Version: 7.0.262 / Virus Database: 264.6.3 - Release Date: 16/08/2004

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.securityfocus.com/sponsor/InfoSecInstitute_pen-test_040817
-------------------------------------------------------------------------------