Re: [Full-disclosure] CORE-Impact license bypass
From: Exibar (exibar_at_thelair.com)
To: "c0ntex" <firstname.lastname@example.org>, "Josh Perrymon" <email@example.com>, <firstname.lastname@example.org> Date: Mon, 26 Sep 2005 16:06:19 -0400
>----- Original Message -----
>From: "c0ntex" <email@example.com>
>To: "Josh Perrymon" <firstname.lastname@example.org>;
>Sent: Monday, September 26, 2005 3:36 PM
>Subject: Re: [Full-disclosure] CORE-Impact license bypass
>CORE is a good product for what it does. Just as NMAP is and just like
>Nessus is, though relying on them is probably not a good idea for an
>audit. I rather do all pentesting by hand, nothing can compete against
>that and I can't think of a time where I have ever used either Nessus
>or CORE in an audit.
>Never used CANVAS. I don't care for Automated exploit tools but
>someone had CORE and I fancied a play as the CORE team are a pretty
>interesting bunch of guys.
I fancied a play once too... but she slapped me when I started to play with
her in the hallway :-)
anyway.... Wouldn't you want to run Nessus on a network you're conducting
a pentest on to get a general overview of what vulnerabilities it finds?
Sure beats guessing or hoping that server-suchandsuch isn't patched.
As far as automated tools go, bah, manually exploiting the holes is
certainly the way to go. But, the automated tools usually produce nice
pretty reports that you can show the client. They just LOOOOOVVVVVEEEEEE
pretty reports with many bright colors and such for the good stuff and dark
"hacker like" colors for the bad stuff :-)
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/