Re: LAN pen test

From: Bruno Cesar Moreira de Souza (bcmsouza@yahoo.com.br)
Date: Thu Dec 07 2006 - 12:47:58 EST


Hi

Just a revision of my statement in the last post,
because I think it was not clear enough:

"you could try ... exploiting an Internet Explorer
flaw..."

change it to this:

"If you were doing an internal pen-test trying to own
the network administrator's workstation, you could try
to do a DNS poisoning or just an ARP poisoning attack
(take a look at ettercap and dsniff) to redirect the
HTTP connection of your target to your 'evil' HTTP
service with a 0day Internet Explorer exploit."

Cheers,

Bruno Cesar M. de Souza
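The ARP poisoning step described above, shown as an added example (not code from Bruno's post, and not ettercap or dsniff): it builds the forged ARP reply a poisoner sends to the victim (the gateway's IP paired with the attacker's MAC) and runs an arpwatch-style check that flags the IP/MAC flip. All MAC and IP addresses are made up, and the frames are constructed in the script, so it runs offline without touching a network.

```python
import struct

ETH_P_ARP = 0x0806   # EtherType for ARP
ARP_REPLY = 2        # ARP opcode "reply" (RFC 826)


def mac_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split(":"))


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip_bytes(ip: str) -> bytes:
    return bytes(int(x) for x in ip.split("."))


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def build_arp_reply(sender_mac: str, sender_ip: str,
                    target_mac: str, target_ip: str) -> bytes:
    """Ethernet II frame carrying an ARP reply.

    A poisoner sends exactly this shape to the victim with
    sender_ip = gateway IP and sender_mac = attacker's NIC, so the
    victim's ARP cache starts resolving the gateway to the attacker.
    """
    eth = mac_bytes(target_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)   # htype, ptype, hlen, plen, op
    arp += mac_bytes(sender_mac) + ip_bytes(sender_ip)
    arp += mac_bytes(target_mac) + ip_bytes(target_ip)
    return eth + arp


def parse_arp(frame: bytes):
    """Return (op, sender_mac, sender_ip, target_mac, target_ip), or None if not ARP/IPv4."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa = mac_str(frame[22:28]), ip_str(frame[28:32])
    tha, tpa = mac_str(frame[32:38]), ip_str(frame[38:42])
    return op, sha, spa, tha, tpa


class ArpWatch:
    """Defender side: remember the first MAC seen for each IP and alert when it changes."""

    def __init__(self):
        self.table = {}    # ip -> first-seen mac
        self.alerts = []

    def observe(self, frame: bytes):
        parsed = parse_arp(frame)
        if parsed is None:
            return None
        _op, sha, spa, _tha, _tpa = parsed
        known = self.table.get(spa)
        if known is not None and known != sha:
            alert = f"ARP flip: {spa} was {known}, now {sha}"
            self.alerts.append(alert)
            return alert
        self.table.setdefault(spa, sha)
        return None


# Constructed lab addresses (assumptions, not from the post).
GATEWAY_IP, GATEWAY_MAC = "192.168.1.1", "00:11:22:33:44:55"
VICTIM_IP, VICTIM_MAC = "192.168.1.10", "00:aa:bb:cc:dd:ee"
ATTACKER_MAC = "de:ad:be:ef:00:01"

SAMPLE_FRAMES = [
    build_arp_reply(GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),    # genuine gateway reply
    build_arp_reply(ATTACKER_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),   # forged: gateway IP, attacker MAC
    build_arp_reply(ATTACKER_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),   # poisoners repeat to keep the cache warm
]


def run_watch(frames):
    """Feed frames to the detector; returns one alert-or-None per frame."""
    watch = ArpWatch()
    return [watch.observe(f) for f in frames]


if __name__ == "__main__":
    for result in run_watch(SAMPLE_FRAMES):
        print(result)
```

The detector keeps the first mapping it saw rather than the newest, which is why the forged reply (and every re-send) trips the alert; on a real segment a legitimate NIC swap also trips it, so the alert is a trigger for a look, not proof of attack.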

--- Bruno Cesar Moreira de Souza <bcmsouza@yahoo.com.br> wrote:

> Hi,
>
> For an updated XP machine, without additional network
> services or network applications, maybe you will need
> a 0day exploit - an exploit for a vulnerability not
> yet patched by the vendor. Sometimes, security
> researchers disclose 0day exploits to the public.
> Recently, some exploits for Internet Explorer and MS
> Office applications were disclosed before Microsoft
> could patch the holes. If you were doing an internal
> pen-test trying to own the network administrator's
> workstation, you could try to do a DNS poisoning or
> just an ARP poisoning attack (take a look at ettercap
> and dsniff) to redirect the target to your web site,
> exploiting an Internet Explorer flaw, for example.
>
> But if you can't find a known vulnerability for your
> target, you can try to discover a security hole and
> write an exploit yourself.
>
> A suggestion: when learning the "pen-test art", it is
> better to first understand the common kinds of
> vulnerabilities more deeply and have the fundamentals,
> instead of just running exploits downloaded from the web.
>
>
> Best Regards,
>
> Bruno Cesar Moreira de Souza
>
> --- mifa@stangercorp.com wrote:
>
> > I have gone through the eh course and I still do not
> > feel like I can really understand how to pen test.
> > None of the exploits or methods seem to work on an
> > updated XP machine. I set up a VMware network to
> > practice on. I can not seem to make any progress
> > because the information I have is outdated.
> >
> > Can anyone point me to a resource that would help me
> > gain access to an XP machine that is running
> > automatic updates (my VM)? I can't seem to do it on
> > the LAN any way other than to use a trojan, and what
> > would be the point of pen testing a system if the
> > only way in is via trojan; that's standard security,
> > don't run programs from email, blah blah blah...


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:26 EDT