Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] How to "break into" the Pen-Testing field
From: "Teicher, Mark" <mark.teicher () NETWORKICE COM>
Date: Sun, 10 Sep 2000 20:39:08 -0700

Has anyone considered utilizing a Red Hat Linux 6.2 box running VMWare for
Windows NT.  ???
Instead of having a multi-boot disk or multiple disk packs.

It appears that some of these tools are available for both platforms.

One is absolutely correct, it really depends on the type of penetration
test one is engaged to conduct.  But what really is Industry Best
Practices.  I know some high end consulting services like to utilize a
mixture of commercial and freely available network and host based scanners
to give an overall analysis.  Then parse through the results to formulate a
network and host map.

What tool would be used first and what would be the secondary tool to
validate any false positives one may discover???  Is there any manual
massaging of the data??  Would you turn over the raw data to the customer??

/mark



At 06:17 PM 9/10/00 -0400, Frasnelli, Dan wrote:
> What would be the typical tool suite one would use on a Pen Test??

I assume you meant the usual network-based penetration test by that.
If you are asked to mess with a client's pbx/vmb, physical security,
employees, etc... there are other techniques or hardware involved.

Most penetration tests are conducted in two phases: exploration and
exploitation.
I recommend you tailor a software 'tool suite' with those as
guidelines.  Depending on your style, organizing tools this way may
or may not be efficient.
Below are examples biased towards Unix; perhaps an NT person has
suggestions for that platform.

Exploration and Analysis
- portscanners:
        nmap            (www.insecure.org)
- sniffers:
        tcpdump         (www.tcpdump.org)
        ngrep           (sourceforge.net/projects/ngrep)
        dsniff          (www.monkey.org/~dugsong/dsniff)
- vuln scanners:
        vlad            (razor.bindview.com/tools/)
        whisker         (sourceforge.net/projects/whisker)
- Samba, nbtscan, l0phtcrack & other tools for windows networks
- the inevitable custom code and scripts

Exploitation
- hunt                  (www.gncz.cz/kra/index.html)
- misc tools            (www.ussrback.com, www.packetfactory.net)
- whatever is current from packetstorm/ussrlabs/bugtraq/etc.
  for the targets.

This category is dynamic and typically contains unreleased
exploits, in-house code, etc.  Its also the attack phase which
causes most 'script kiddies' grief, as it requires a lot of creative
tweaking to avoid detection.

A portable computer and disc with various tools compiled for your platform
of choice is a good starting point for a network penetration kit.

-dan


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault