Home page logo
/

basics logo Security Basics mailing list archives

Re: Pen-Testing New Server - Where to start?
From: "crazy frog crazy frog" <i.m.crazy.frog () gmail com>
Date: Wed, 14 Nov 2007 14:43:25 +0530

HI,
there is a framework for penetration testing.which you can get at
http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
read it and follow the steps.
REgards,

On Nov 14, 2007 2:26 AM, Security <security () gridrunners com> wrote:
Hi, I'm new to the InfoSec industry and would like to try my hand at
penetration-testing (and securing) a new server I've set up at home.

Seeing as I've set up the system, I know all the usernames/passwords
used on the box, as well as how everything is set up, but I'd like to
approach this as an outside user, pretending that I have none of this
information. I want to try to gather information, form an attack plan,
and attempt to crack the system from scratch, so that I can later on go
back and secure the system against those attacks.

Here's the information I can assume I'd know, from basic enumeration:

The server is running Ubuntu v6.06, with the following services:
ftp
http (apache)
smtp
pop3
irc (hybrid)
ssh

When setting up the system, I followed the following tutorial (almost to
a T... though I did a few things different):

http://www.howtoforge.com/perfect_setup_ubuntu_6.06

Since the system is on my local network, I know there's only one IP I've
got to worry about, and this is the only target machine.

Any ideas where I should start? What information might help?

Thanks.

~Xor




-- 
advertise on secgeeks?
http://secgeeks.com/Advertising_on_Secgeeks.com
http://newskicks.com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault