Re: Exploit Archive

From: Francisco Sáa Muñoz aka n3z (fsm_at_aesthechnics.com)
Date: 08/20/04

    Date: Fri, 20 Aug 2004 09:05:40 +0200
    To: pen-test@securityfocus.com
    
    

    Quoting chewy <chewy@pandora.be>:

    > > On Sat, 14 Aug 2004, DokFLeed.Net wrote:
    >
    > > > *verify the OS fingerprinting you get, then optimize your test.
    > > > *test only what's open, don't be a dreamer and try to audit a closed port, I
    > > > have seen it happening. and I bet each tester on his first project did it,
    > > > it's the enthusiasm rather than experience.
    >
    > I'm just wondering how do you remotely check for applications that use a
    > level of authentication based on port knocking without being a dreamer
    > then?

    Usually, people use the software with default configuration.

    When auditing, I usually try a lil' script against cd00r (hail to the first),
    SAdoor, toctoc and the other port knocking software's defaults.

    As easy as that.

    --
    ]-* Francisco Sáa Muñoz a.k.a. Nuno Treez
    Security Junkee since 1996
    Linux User #119288
    mame.dk #115087
    Utinam barbari spatium proprium tuum invadant!
    *-[EOF]
    
