Re: Exploit Archive

From: Jacob Uecker (jacob_at_juecker.net)
Date: 08/19/04

  • Next message: Senser: "Re: Exploit Archive"
    Date: Thu, 19 Aug 2004 09:09:50 -0700
    To: pen-test@securityfocus.com
    
    

    I agree. If you want up to date, you'll have to do twice as much work
    with Knoppix. Does anyone out there have a set of tools that they use
    to build a knoppix cd when they need to upgrade a single (or small set)
    of utilities within the distro?

    Jacob

    Todd Towles wrote:

    > Knoppix is good and very useful, but has drawbacks. You can't keep it
    > very up-to-date and you have to run it all the CD. The new version of
    > Nmap (3.55) has really good OS detection and of course you wouldn't have
    > that in Knoppix. I use Knoppix and Knoppix-STD for Kismet and Airsnort
    > mostly. Or just messsing around at Startbucks ;)
    >
    > But to really get the newest tools, you need to have a linux box and
    > learn to work with apps on it.
    >
    > Just 2c
    >
    > -----Original Message-----
    > From: Jacob Uecker [mailto:jacob@juecker.net]
    > Sent: Wednesday, August 18, 2004 11:32 AM
    > To: DeMott Jared; pen-test@securityfocus.com
    > Subject: Re: Exploit Archive
    >
    > I don't personally have an exploit library per se but you can check out
    > www.packetstormsecurity.org They post exploits as they are published.
    > As far as methodology is concerned, take a look at
    > http://www.isecom.org/projects/osstmm.shtml
    >
    > VMware is good for some applications, but it doesn't allow you the guest
    > OS control over the hardware like you could have if you were running it
    > right off the box. A lot of people use KNOPPIX on their Windows boxes.
    >
    > Regards,
    > Jacob
    >
    > DeMott Jared wrote:
    >
    >
    >>Gang:
    >>
    >>I was wondering if anyone has a nice archive of Windows, Unix, etc.
    >>exploits (fully functional) they'd be willing to share. I'm about to
    >>do the first pen-test of our network. I know that I can identify
    >>"potential" flaws using Nessus, but my boss has asked that I prove to
    >>him each and every "potential" weakness. I've been told that you can
    >>find many exploits out on the web, but it's been such a hassle trying
    >>to find all of what I'm looking for!
    >>
    >>Also, I've been reading the discussion about methodology some people
    >>have been having:
    >>
    >>1.) Vulnerability Assessment 2.) Penetration Test
    >> -Gather data -Pretend
    >
    > not
    >
    >>to know data
    >> -Assess potential weakness -Try to Hack into
    >>the network
    >> -Determine what current patch levels are -Report successes or
    >>failures
    >> (does someone have this data?)
    >> -Recommend all necessary corrections
    >>
    >>Does anyone have a more complete methodology paper? I've been hearing
    >
    >
    >>some of the pros and cons of the above two. Do you normally do both,
    >>or just whatever people what? I assume the first is more difficult
    >>and time consuming; is that true?
    >>
    >>The approach is certainly important, but even more intimidating: I
    >>feel like I need to know everything about varying brands of firewalls,
    >
    >
    >>routers, switches/hubs, VLANs, VPNs, Web Applications, Windows, Unix,
    >>Netware, etc., etc., etc.! I'm pretty experienced in Unix and
    >>Firewalls, but does anyone have any advise on dealing with the shear
    >>magnitude of data necessary? Also, from the more practical tools
    >>stand point, do you guys just have everything loaded on one "attack"
    >
    > laptop.
    >
    >>Dual boot, or VmWare?
    >>
    >>Thanks so much!
    >>
    >>Jared DeMott
    >>Vulnerability Analyst
    >>Booz | Allen | Hamilton
    >>
    >
    >
    >
    > ------------------------------------------------------------------------
    > ------
    > Ethical Hacking at the InfoSec Institute. All of our class sizes are
    > guaranteed to be 12 students or less to facilitate one-on-one
    > interaction with one of our expert instructors. Check out our Advanced
    > Hacking course, learn to write exploits and attack security
    > infrastructure. Attend a course taught by an expert instructor with
    > years of in-the-field pen testing experience in our state of the art
    > hacking lab. Master the skills of an Ethical Hacker to better assess the
    > security of your organization.
    >
    > http://www.securityfocus.com/sponsor/InfoSecInstitute_pen-test_040817
    > ------------------------------------------------------------------------
    > -------
    >

    ------------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. All of our class sizes are
    guaranteed to be 12 students or less to facilitate one-on-one interaction
    with one of our expert instructors. Check out our Advanced Hacking course,
    learn to write exploits and attack security infrastructure. Attend a course
    taught by an expert instructor with years of in-the-field pen testing
    experience in our state of the art hacking lab. Master the skills of an
    Ethical Hacker to better assess the security of your organization.

    http://www.securityfocus.com/sponsor/InfoSecInstitute_pen-test_040817
    -------------------------------------------------------------------------------


  • Next message: Senser: "Re: Exploit Archive"

    Relevant Pages

    • RE: Exploit Archive
      ... Knoppix is good and very useful, ... Ethical Hacking at the InfoSec Institute. ... interaction with one of our expert instructors. ... learn to write exploits and attack security ...
      (Pen-Test)
    • Re: Exploit Archive
      ... > to build a knoppix cd when they need to upgrade a single ... We have made a distribution for security ... The only people for me are the mad ones -- the ones who are mad to live, mad to talk, mad to be saved, desirous of everything at the same time, the ones who never yawn or say a commonplace thing, but burn, burn, burn like fabulous yellow Roman candles. ... Check out our Advanced Hacking course, learn to write exploits and attack security infrastructure. ...
      (Pen-Test)
    • RE: Patch management tool
      ... > Ethical Hacking at the InfoSec Institute. ... > interaction with one of our expert instructors. ... Hacking course, learn to write exploits and attack security ...
      (Pen-Test)
    • RE: password keeper
      ... Ethical Hacking at the InfoSec Institute. ... interaction with one of our expert instructors. ... Hacking course, learn to write exploits and attack security ...
      (Pen-Test)
    • Re: Web Application Tester
      ... >> Ethical Hacking at the InfoSec Institute. ... >> with one of our expert instructors. ... Check out our Advanced Hacking course, ... > learn to write exploits and attack security infrastructure. ...
      (Pen-Test)