mailing list archives
Pen-Testing New Server - Where to start?
From: Security <security () gridrunners com>
Date: Tue, 13 Nov 2007 14:56:57 -0600
Hi, I'm new to the InfoSec industry and would like to try my hand at
penetration-testing (and securing) a new server I've set up at home.
Seeing as I've set up the system, I know all the usernames/passwords
used on the box, as well as how everything is set up, but I'd like to
approach this as an outside user, pretending that I have none of this
information. I want to try to gather information, form an attack plan,
and attempt to crack the system from scratch, so that I can later on go
back and secure the system against those attacks.
Here's the information I can assume I'd know, from basic enumeration:
The server is running Ubuntu v6.06, with the following services:
When setting up the system, I followed the following tutorial (almost to
a T... though I did a few things different):
Since the system is on my local network, I know there's only one IP I've
got to worry about, and this is the only target machine.
Any ideas where I should start? What information might help?
- Pen-Testing New Server - Where to start? Security (Nov 13)