A little Help with Pen Testing My systems!

From: mike Hughes (mikehughes013@hotmail.com)
Date: 03/11/03

    From: "mike Hughes" <mikehughes013@hotmail.com>
    To: pen-test@securityfocus.com
    Date: Mon, 10 Mar 2003 20:27:10 -0800
    
    

    I have set up a little network at home for "my own Penetration Testing
    Purposes": 2 Windows machines and 2 Linux. I have 1 Windows machine on its
    own network running a Windows XP default install and (ZoneAlarm, Sygate).

    My question:

    I want to try to see what approach people take to find Exploits and
    Vulnerabilities on a system like this. So the first steps I took are:

    I installed SYGATE with default settings on the Windows XP machine, went over
    to Linux and ran an NMAP scan:
    nmap -vv -sS -P0 111.111.111.111
    all ports are filtered
    And SYGATE detected it as only MINOR port scans; it didn't even come up with
    an ALERT, just logged it!

    So then I tried NESSUS against this machine and got back:
    results|111.11.111.11|ntp (123/udp)|10884|Security Note|\nIt is possible to
    determine a lot of information about the remote host \nby querying th$
    results|111.11.111.11|ntp (123/udp)|10647|Security Warning|\nAn NTP server
    is running on the remote host. Make sure that\nyou are running the lat$

    So I know I would go to sites like Bugtraq, SecurityFocus and look
    for documents on this service and see what I can do with it?

    But if it is behind a firewall, can it still be exploited??? And would I
    disable the firewall first? or...<-------

    Then I installed ZoneAlarm and searched for exploits on it and found this
    nmap exploit and ran an NMAP scan like this:
    nmap -g67 -P0 -sS 111.11.111.111
    And all the ports are filtered:
    nmap -vv -sS -P0 -p 1-1064 111.11.111.111 -D www.blah.org
    (a site I visited from the Windows machine earlier) for a bounce attack, and
    still nothing.

    My next option was going to be to try HPING2 and set the Fragment to "0"
    and run that against the firewalled machine too, to see what happens.

    I also remember Windows XP installs MSN Messenger by default. So I searched
    around more and found this:

    http://www.mynetwatchman.com/winpopuptester.asp

    And I ran the test with the SYGATE firewall enabled, and a POP-UP WINDOW
    POPPED UP. So that means it can be accessible, right??
    "cause the POP-UP came right through"
    So that means something is open and that my SCANS DIDN'T PICK UP?? ----> How
    come?

    So can anyone tell me, I DON'T mean step by step, "but (SUGGESTIONS, IDEAS)"
    on how people exploit things or "how they do their own assessments" like
    this (for learning purposes). I have done a little bit of homework but NOT
    ENOUGH.. I want to test HPING against it too, but there are just so many
    commands; does anyone have any good command strings they use to test
    FIREWALLS? How would some of you approach something like this? I'm really
    trying to get into more security now by reading and playing, but am sort of
    "stumped right now!" Any ideas (tips) I should try, or should do differently,
    that would help me in my testing. Again, this is all against my own
    machines... and I'm not asking for steps, but maybe a little push.. just to
    learn more about the security issues with them and learn how hackers would
    approach ISSUES like this. Oh yeah, I also found this code for bypassing
    firewalls but don't understand it; I want to learn about it before I try it
    and play with it, from here:
    http://www.der-keiler.de/Mailing-Lists/securityfocus/bugtraq/2003-02/0268.html

    Thanks Mike


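An added example, not part of Mike's post or the list archive: a small Python parser for the pipe-delimited Nessus result lines quoted in the message (results|host|service (port/proto)|plugin id|severity|description). It is written from the triage side: it reports which transport protocols actually produced findings, which is the check that explains the post's puzzle, since a SYN scan (-sS) only covers TCP while the two findings are on 123/udp. The sample text is constructed in the layout shown in the post; the field order is an assumption taken from those lines, and the trailing "$" in the post is terminal truncation rather than part of the format.

```python
import re

# Constructed sample in the layout shown in the post (descriptions shortened,
# literal "\n" kept as Nessus writes it).
SAMPLE = """\
results|111.11.111.11|ntp (123/udp)|10884|Security Note|\\nIt is possible to determine a lot of information about the remote host
results|111.11.111.11|ntp (123/udp)|10647|Security Warning|\\nAn NTP server is running on the remote host. Make sure that you are running the latest version
this line is not a result record and is ignored
"""

# "ntp (123/udp)" -> name, port, proto
SERVICE_RE = re.compile(r"^(?P<name>\S+)\s*\((?P<port>\d+)/(?P<proto>tcp|udp)\)$")
SEVERITY_RANK = {"Security Note": 0, "Security Warning": 1, "Security Hole": 2}


def parse_results(text):
    """Return one dict per 'results|' line; truncated lines are skipped, not guessed."""
    findings = []
    for raw in text.splitlines():
        if not raw.startswith("results|"):
            continue
        fields = raw.split("|", 5)
        if len(fields) < 6:
            continue
        _, host, service, plugin_id, severity, desc = fields
        m = SERVICE_RE.match(service.strip())
        findings.append({
            "host": host,
            "service": service,
            "port": int(m.group("port")) if m else None,
            "proto": m.group("proto") if m else None,
            "plugin_id": int(plugin_id),
            "severity": severity,
            "description": desc.replace("\\n", " ").strip(),
        })
    return findings


def protocols_seen(findings):
    """Transport protocols with at least one finding. A SYN scan covers TCP only,
    so a report that is all UDP says nothing about what the TCP scan missed."""
    return sorted({f["proto"] for f in findings if f["proto"]})


def worst_severity(findings):
    """Highest Nessus severity label present, or None for an empty report."""
    if not findings:
        return None
    return max(findings, key=lambda f: SEVERITY_RANK.get(f["severity"], -1))["severity"]


if __name__ == "__main__":
    found = parse_results(SAMPLE)
    print(len(found), "findings;", "protocols:", protocols_seen(found), "worst:", worst_severity(found))
```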

