Penetration Testing mailing list archives
Re: a "good" vulnerability for educational purposes
From: "Jorge L. Vazquez" <jlvazquez825 () gmail com>
Date: Tue, 19 Aug 2008 05:48:39 -0400
Kelly Keeton wrote:
> Also there are Live CDs with things you're looking for...
> http://de-ice.net/
> http://www.damnvulnerablelinux.org/
> no so but some...
> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
>
> On Mon, Aug 18, 2008 at 12:07 PM, Andre Amorim <decouk () gmail com> wrote:
>> Dear Trajce,
>>
>> My suggestion is ... Download some old software with bugs.
>> https://www.securinfos.info/old_softwares_vulnerable.php
>> then use Metasploit to exploit it.
>>
>> Also there is a nice intro tutorial here showing how to write an exploit
>> with the Metasploit framework.
>> http://en.wikibooks.org/wiki/Metasploit/WritingWindowsExploit
>>
>> All the best,
>> Andre Amorim
>> GnuPG KEY: 2048R/3E10FF47
>> Download: http://pgp.zdv.uni-mainz.de:11371/pks/lookup?op=get&search=0x7C3B77763E10FF47
>>
>> 2008/8/18 <dimkovtrajce () yahoo com>:
>>> Hi,
>>>
>>> Our goal is to teach master students in computer security in pen
>>> testing remote servers. As an exercise we want to introduce a
>>> vulnerability in IIS or Apache (or any other place you might suggest)
>>> which is recognizable with current vulnerability scanners (ex. Nessus),
>>> but requires some coding/payload generation to exploit the
>>> vulnerability. I am considering Bugtraq, but there are many
>>> vulnerabilities there which I cannot filter with the requirements
>>> above. Can you point me to any "good" vulnerability for this purpose?
>>>
>>> Regards,
>>> Trajce

Like someone suggested here, the de-ice live CD is a good platform to do pentesting. My personal opinion: I would install an old version of Windows Server like Windows 2000 Server (unpatched, no SPs), as it resembles what you would find in a live production environment, and install as many services/applications as you want (IIS, FTP, telnet, etc...), and that could be the setup for the target.

As far as what to use for pentesting, you could take a look at BackTrack, Knoppix-STD.... And if you put all this in a VMware, even better: after you bring the server to its knees, all you got to do is revert to snapshot, and you got your brand new server ready to be destroyed again...

Just my two cents.

Thanks,
Jorge L. Vazquez
MCSE, CCNA, A+
www.pctechtips.org

------------------------------------------------------------------------
This list is sponsored by: Cenzic
Top 5 Common Mistakes in Securing Web Applications
Get 45 Min Video and PPT Slides
www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------