RE: Laboratory Setup Help (RS)

From: Marcelo Gulin (gulinma@bytefinder.ath.cx)
Date: 01/31/02


Date: Thu, 31 Jan 2002 15:47:42 -0300
To: "Arturo \"Buanzo\" Busleiman" <buanzo@buanzo.com.ar>, <pen-test@securityfocus.com>
From: Marcelo Gulin <gulinma@bytefinder.ath.cx>

Hi!

   Or reverse your search. Search for exploits first and then download the
apps that you know are vulnerable. There are a lot of sites with
local/remote exploits for various daemons.

regards
Marcelo Gulin

At 31/01/2002 05:44, Javier Fernandez-Sanguino wrote:

>You can find information on vulnerable packages from the distribution's
>main site. I don't know about others, but Debian, for example, dedicates
>security.debian.org for this. Since the advisories are there you can
>check out which Debian GNU/Linux packages are vulnerable.
>
>Of course, you can always use Bugtraq (www.securityfocus.com) for
>information on vulnerabilities and see the cross-relationships with
>GNU/Linux distributions (either the database or the advisories sent to
>the mailing list).
>Regards
>
>Javier Fernandez-Sanguino
>
> > -----Original Message-----
> > From: Arturo "Buanzo" Busleiman [mailto:buanzo@buanzo.com.ar]
> > Sent: Wednesday, January 30, 2002 18:09
> > To: pen-test@securityfocus.com
> > Subject: Laboratory Setup Help (RS)
> >
> >
> > =- To moderator -=
> > Moderator, my last post didn't go thru because you told me to search the
> > archives. I did that, and found a couple of results, but I kindly request
> > you to let this post pass, as my findings weren't exactly what I needed.
> > *please* :)
> > =- EOM
> >
> > Hello world's pen-testers!
> >
> > I was employed last month by a company who wants to set up a Pen-Test
> > laboratory that I will lead. The environment would be a homogeneous
> > GNU/Linux network.
> >
> > What I need is for you to recommend versions of the following
> > packages/combinations: FTP, Apache/Cgi/MySQL, DNS, sendmail, etc
> >
> > that are remotely exploitable for gaining shell access (or the possibility
> > to execute commands on the remote system), AND some local exploits to
> > acquire root privileges.
> >
> > Of course, if you can lead me to specific documentation regarding the
> > exploits of those package versions, I will greatly appreciate it and be
> > most thankful.
> >
> > Thank you very much to all of you!
> >
> > Arturo "Buanzo" Busleiman
> > - -=( RareGaZz-Team Member )=-
> > GNU/Linux USERS, MP Ediciones
> > GNU's es_AR Translation Team Leader
> > Moderador de Seguridad@alipso.com
> > Turcin Soluciones Informaticas http://www.turcin.com.ar
> > http://www.buanzo.com.ar
> > PGP/GnuPG Public Key available at horowitz.surfnet.nl
> >
> >
> > ----------------------------------------------------------------------------
> > This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
> > Service. For more information on SecurityFocus' SIA service which
> > automatically alerts you to the latest security vulnerabilities please see:
> > https://alerts.securityfocus.com/
> >
>



