mailing list archives
Re: Pen-Testing New Server - Where to start?
From: rohnskii () gmail com
Date: 14 Nov 2007 04:17:35 -0000
OK, so you've "found out" a little about the site you are "attacking". Now you have to find out some more. Try to
find out the specific applications providing those services, their versions, and the state of their patching. One tool
you can try to help ID versions is Nessus.
As you find that info, go to the web and search for known vulnerabilities for the apps / versions and try to attack
those vulnerabilities to see if they have been patched properly.
Search the web for, and try, the default userids and passwords for admin features on the hardware and software, to see if
they have been changed (this is one of the most common vulnerabilities).
This should give you a start.