Home page logo

basics logo Security Basics mailing list archives

Re: Pen-Testing New Server - Where to start?
From: rohnskii () gmail com
Date: 14 Nov 2007 04:17:35 -0000

OK, so you've "found out" a little about the site you are "attacking".  Now you have to find out some more.  Try to 
find out the specific applications providing those services, their versions, and the state of their patching.  One tool 
you can try to help ID versions is Nessus.

As you find that info, go to the web and search for known vulnerabilities for the apps / versions and try to attack 
those vulnerabilities to see if they have been patched properly.

Search the web for and try to default userid's and passwords for admin features on the hardware and software, see if 
they have been changed (this is one of the most common vulnerabilities).

This should give you a start.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]