Penetration Testing mailing list archives
VmWare and Pen-test Learning
From: "IRM" <irm () iinet net au>
Date: Sun, 6 Aug 2006 18:58:19 +1000
Hi all, I would like to learn about Penetration testing or maybe Vulnerability Assessment (?) or whatever it is called. I have set up a few machines on VMWare - Windows 2000 Server, Windows 2003 Server and Solaris 9.0. These machines are unpatched with no updates or service pack. Basically what I would like to achieve in this task is to demonstrate that these machine are not secured. Thus by using a well-known exploit that are available in the public space , people can easily exploit the system and gain administrator privilege either by Local exploit or Remote Exploit. Now, the question is that, where to start? Can people suggest me where should I start? Should I start using Nessus and identify all the vulnerabilities that are applicable on these machines? And start to do some research on securityfocus.com i.e. to find the exploit? Or maybe if there is a list of vulnerabilities for each of the operating system, I think that would be great! Because I know that Unicode Exploit on IIS 4.0 is quite famous at that time. Is there similar thing on Windows 2003? Is there a list available like TOP 10 Exploit or something? Cheers, John ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details. ------------------------------------------------------------------------------
Current thread:
- VmWare and Pen-test Learning IRM (Aug 06)
- RE: VmWare and Pen-test Learning Erin Carroll (Aug 06)
- Re: VmWare and Pen-test Learning Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (Aug 07)
- RE: VmWare and Pen-test Learning Erin Carroll (Aug 07)
- RE: VmWare and Pen-test Learning IRM (Aug 07)
- Re: VmWare and Pen-test Learning Chris Gates (Aug 08)
- Re: VmWare and Pen-test Learning Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (Aug 07)
- Re: VmWare and Pen-test Learning Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (Aug 07)
- Re: VmWare and Pen-test Learning Lee Lawson (Aug 07)
- RE: VmWare and Pen-test Learning Erin Carroll (Aug 06)
- RE: VmWare and Pen-test Learning salexander (Aug 07)
- <Possible follow-ups>
- Re: RE: VmWare and Pen-test Learning krymson (Aug 07)