Home page logo
/

basics logo Security Basics mailing list archives

Re: Pen-Testing New Server - Where to start?
From: Security <security () gridrunners com>
Date: Tue, 13 Nov 2007 21:44:34 -0600

Good ideas! Here are some of my (out of order) thoughts:

0.) Jamming through the code sounds interesting, but at the present moment would seem to be counterproductive (see number 1 below). Maybe once I get better at C... (I'm a PHP developer ATM.)

1.) I used to write in C/C++ but it's been a long time. I should pick it up again, and start learning the more advanced workings of the language. I've got a book on C#, and am learning python, so hopefully those will be useful. (I'm running Linux tho, so I'll need mono for C#)

2.) I ran a nessus scan of the system and it returned information about pop3/imap vulns, apache webserver vulns, and DNS vulns. The only one I can consider exploitable ATM is the webserver, though I need to learn more about XSS and exploiting TRACE for info.

3.) Default usernames//passwords are a good idea, but since I own the box I can't justify pretending to guess passwords. (A good tip for pen-testing other systems, though.)

4.) As for user-land apps, I'm assuming you're talking about PHP scripts and the like... Of which I have none (yet). Maybe I should do some default-installs of various software (phpbb, etc) and play with breaking that. Again, XSS is something I need to jump into.

5.) Though "Hackers" was a fun flick, I doubt I'll be flying around databases with blinking garbage files filled with fractals any time soon. ;-)

Thanks for the tips! If you know of any other good websites to research from (other than Securityfocus and milw0rm) I'd like to know!

Again, thanks.

~Xor

Serg B wrote:
Unless you want to start reading source code (recommended) and hunting
for some 0-days I suggest thinking a little higher than the underlying
server infrastructure.

For example, you can enumerate services (name, version number, etc)
and search for some exploits that could work on those ports. Also try
some default usernames and passwords, etc. Common configuration errors
are always fun. Brute forcing is not going to teach you much so in my
opinion you could skip that all together.

In regards to "thinking higher" (most of the time this is how an
attacker gets access) you could smoke a joint (thinking higher, get
it, get it, ha-ha) and enumerate user-land applications (i.e. those
running on the HTTP port) and try to exploit them. Remember that
gaining access does not necessarily mean you are going to execute an
exploit and you're in. XSS and session hi-jacking could very well get
you an account, as well as phishing, etc. So look for all
vulnerabilities, not just those that you saw in Hackers (movie).

Great starting points in my opinion are:

Learn to program (strongly recommended if you don't know already).
   C (at a minimum)
   Java/C# (pick one, same shit)
   Python/Perl/PHP (pick one, depending on what you want to do).

Read www.owasp.org (reference section).


   Cheers,
      Serg


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]