RE: Exploit Archive

From: Strand, John (John.Strand@mms.gov)
Date: Wed Aug 18 2004 - 09:12:14 EDT


Hi Jared,

I don't know if proving every weakness is a good idea in a production
environment. I recommend verifying the vulnerabilities via tools like
netcat, or actually pulling the versions of your OS's and applications to
see if they are vulnerable. Or, if you are lucky, you can run the exploits
against your test environment. This works nicely because it demonstrates the
effectiveness of the various vulnerabilities without adversely impacting
your production servers. Trust me, it is absolutely no fun crashing a server
as part of a pen-test or Vul assessment... Even if you have it in writing
that you are not responsible for a system or app crash.

Just to be clear, I do not under any circumstances recommend running exploit
code from the sites below against your production servers. Rather, run them
in a test environment or in a VMWare environment.

Check these sites out..

http://packetstormsecurity.org/

http://www.k-otik.com/exploits/

http://www.thc.org/root/

http://exploitlabs.com/index1.html

John
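The verification approach John describes (banner-grabbing with netcat and comparing the reported version against the fixed version, rather than firing exploits at production) can be scripted. The following is an added example written for this thread, not code from either poster: it connects to a service the way `nc host port` does, reads the greeting, and compares the parsed version against a lookup table. The product names, the "fixed version" thresholds, the `start_fake_service` helper and the sample banners are all constructed placeholders so the script runs offline against a local stand-in; real thresholds would come from the vendor advisory for each finding.

```python
import re
import socket
import socketserver
import threading

# Constructed placeholder table: product -> first version that carries the fix.
# These numbers are illustrative only and are NOT real advisory data.
FIXED_VERSIONS = {
    "OpenSSH": (3, 9, 0),
    "ProFTPD": (1, 2, 10),
}

# Matches e.g. "SSH-2.0-OpenSSH_3.7.1p2" or "220 ProFTPD 1.2.9 Server ready".
BANNER_RE = re.compile(r"(OpenSSH|ProFTPD)[_ /]?(\d+)\.(\d+)(?:\.(\d+))?", re.I)


def parse_banner(banner):
    """Return (product, (major, minor, patch)) from a banner, or None if unrecognised."""
    m = BANNER_RE.search(banner)
    if not m:
        return None
    key = next((k for k in FIXED_VERSIONS if k.lower() == m.group(1).lower()), None)
    if key is None:
        return None
    version = (int(m.group(2)), int(m.group(3)), int(m.group(4) or 0))
    return key, version


def is_vulnerable(banner):
    """True if the banner reports a version below the fixed one, False if at/above,
    None if the banner is not one we know how to read (so it needs manual review)."""
    parsed = parse_banner(banner)
    if parsed is None:
        return None
    product, version = parsed
    return version < FIXED_VERSIONS[product]


def grab_banner(host, port, timeout=3.0):
    """Do what `nc host port` does interactively: connect and read the greeting."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        data = s.recv(256)
    return data.decode("ascii", "replace").strip()


def check_service(host, port):
    """Grab a banner and classify it; returns (banner, verdict)."""
    banner = grab_banner(host, port)
    return banner, is_vulnerable(banner)


class _BannerHandler(socketserver.BaseRequestHandler):
    def handle(self):
        # Send the constructed greeting and close, like a real daemon would.
        self.request.sendall(self.server.banner.encode("ascii") + b"\r\n")


def start_fake_service(banner):
    """Hypothetical local stand-in for a test-lab host; greets with `banner`."""
    srv = socketserver.TCPServer(("127.0.0.1", 0), _BannerHandler)
    srv.banner = banner
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


if __name__ == "__main__":
    # Constructed sample: an old-looking OpenSSH greeting served from localhost.
    srv = start_fake_service("SSH-2.0-OpenSSH_3.7.1p2")
    try:
        banner, verdict = check_service("127.0.0.1", srv.server_address[1])
        print(banner, "->", {True: "VULNERABLE (below fixed version)",
                             False: "patched", None: "unknown, review manually"}[verdict])
    finally:
        srv.shutdown()
        srv.server_close()
```

Banner strings can be edited by the administrator or by a backport that keeps the old version number, so a "patched" verdict from this check is evidence, not proof; the `None` case is deliberately separate so unrecognised services are not silently reported as clean.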

-----Original Message-----
From: DeMott Jared [mailto:demott_jared@bah.com]
Sent: Tuesday, August 17, 2004 7:44 AM
To: pen-test@securityfocus.com
Subject: Exploit Archive

Gang:

I was wondering if anyone has a nice archive of Windows, Unix, etc.
exploits (fully functional) they'd be willing to share. I'm about to do
the first pen-test of our network. I know that I can identify
"potential" flaws using Nessus, but my boss has asked that I prove to
him each and every "potential" weakness. I've been told that you can
find many exploits out on the web, but it's been such a hassle trying to
find all of what I'm looking for!

Also, I've been reading the discussion about methodology some people
have been having:

1.) Vulnerability Assessment
    -Gather data
    -Assess potential weakness
    -Determine what current patch levels are
     (does someone have this data?)
    -Recommend all necessary corrections

2.) Penetration Test
    -Pretend not to know data
    -Try to Hack into the network
    -Report successes or failures

Does anyone have a more complete methodology paper? I've been hearing
some of the pros and cons of the above two. Do you normally do both, or
just whatever people want? I assume the first is more difficult and
time consuming; is that true?

The approach is certainly important, but even more intimidating: I feel
like I need to know everything about varying brands of firewalls,
routers, switches/hubs, VLANs, VPNs, Web Applications, Windows, Unix,
Netware, etc., etc., etc.! I'm pretty experienced in Unix and
Firewalls, but does anyone have any advice on dealing with the sheer
magnitude of data necessary? Also, from the more practical tools
standpoint, do you guys just have everything loaded on one "attack" laptop?
Dual boot, or VmWare?

Thanks so much!

Jared DeMott
Vulnerability Analyst
Booz | Allen | Hamilton

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:00 EDT