Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Pentesting lab
From: charles watathi <charleswatathi () gmail com>
Date: Tue, 5 Jan 2010 13:02:56 +0300

Hi,

For a detailed review of what you can setup when coming up with a
pentesting lab, kindly check the link below. It includes most of the
labs you should setup,security challenges and where you can go and
"train"

http://blog.securitymonks.com/2009/08/23/learning-by-doing-hacker-challenges-and-practice-sites/

Regards
Charles

On 1/4/10, Elliot Fernandes <elliotfernandes () yahoo com> wrote:
For pentesting windows your setup seems good, but not enough. Try to get
more, like: you'd need to test out attacking SNMP, bruteforcing SSH, ....
and also have a large wordlist ready for all of this, and generate some
rainbow tables. You'd need these for password attacks.

--- On Mon, 1/4/10, Swaminathan, Balaji <Balaji.Swaminathan () kla-tencor com>
wrote:

From: Swaminathan, Balaji <Balaji.Swaminathan () kla-tencor com>
Subject: RE: Pentesting lab
To: "Elliot Fernandes" <elliotfernandes () yahoo com>, "s3c.b3n"
<securitybender () gmail com>
Cc: pen-test () securityfocus com
Date: Monday, January 4, 2010, 5:01 PM

Exactly....I am doing the same thing in addition to running
Win Server
2k3...Backtrack and Metasploit as attacker are good and
flexible to use.
As you mentioned Netbios ports alone, I feel, are not
enough...Wat do
you say...? In addition i am installing SQL, SMTP, IIS and
etc and then
fine tuning them depending upon the exploit success rate.
Is that fine
or anything more left to be focused?

Thank you for pointing out malware testing.


Regards,

Balaji Swaminathan .M


-----Original Message-----
From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com]
On Behalf Of Elliot Fernandes
Sent: Monday, January 04, 2010 2:04 AM
To: s3c.b3n
Cc: pen-test () securityfocus com
Subject: RE: Pentesting lab

You could run vmware, and install windows xp service pack
2. service
pack 2 is used by most people in the windows world, they
havent
completely shifted to vista or windows 7. It's already
running
vulnerable services mostly on ports 135,139, and 445 tcp.
You just need
the latest version of metasploit to test it. For analyzing
malware
there's a script in python called malware analyzer
http://www.beenuarora.com/code/analyse_malware.py . But
you will need
the PE module from google code http://code.google.com/p/pefile in the
same folder. The malware analyzer is amazingly good for
analyzing
botnet-binaries and viruses and such. You'll also need Olly
Debug and
IDA pro. Have two VMs ready, one windows for the victim,
and linux,
preferably backtrack for the attacker. That should about
do. Oh, you
could also have a Honeypot ready to catch exploits from the
wild. you
could have them separated from your normal network.




------------------------------------------------------------------------
This list is sponsored by: Information Assurance
Certification Review
Board

Prove to peers and potential employers without a doubt that
you can
actually do a proper penetration test. IACRB CPT and CEPT
certs require
a full practical examination in order to become certified.


http://www.iacertification.org
------------------------------------------------------------------------






------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually
do a proper penetration test. IACRB CPT and CEPT certs require a full
practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]