Cross testing exploit with vulnerability scan results

From: Chroot <chrooted@xxxxxxxxx>
Date: Fri, 27 Jul 2007 17:55:30 +0530

Hi Fellow testers,

I've been conducting pen tests since 4 yrs now... the methodology I
follow is that we exploit or attempt to exploit ONLY those
vulnerabilities that a vulnerability scanner identifies. What if the
appropriate check or signature in the vulnerability scanner was not up
to date or had some coding issue or was not comprehensiveness enough
(or anything else) to identify a real existing vulnerability on a
system. This can result in serious false negatives. Would downloading,
installing and cross testing all available exploits for an identified
service be a good idea to minimize such a case? How many people have
faced such an issue or a similar issue? For me I faced this issue with
some bug in Nessus recently.

This is something like my NMAP says there is IIS6.0 running on port
443 of a target server. I do a Nessus scan on it and it doesn't report
anything. I then download all available exploits for IIS6.0 (or for
all version of IIS? would this make sense) from securityfocus.com or
securiteam.com or similar source and run it manually on the target
system.

Eagerly await opinions.

THNX

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

Follow-Ups:
- Re: Cross testing exploit with vulnerability scan results
  - From: Anders Thulin
- RE: Cross testing exploit with vulnerability scan results
  - From: Steve Armstrong
- Re: Cross testing exploit with vulnerability scan results
  - From: Morning Wood
- Re: Cross testing exploit with vulnerability scan results
  - From: John M. Martinelli

Prev by Date: Basic facilities required to establish a pen test lab
Next by Date: SAS 70
Previous by thread: Basic facilities required to establish a pen test lab
Next by thread: Re: Cross testing exploit with vulnerability scan results
Index(es):
- Date
- Thread

Relevant Pages

Re: Zotob worm patch?
... The vulnerability could not be exploited remotely by ... > I know that many in this group support downloading Windows XP ... I download and install ONLY what is absolutely ... > about the Zotob worm, I.E., PnP and compromised Windows security. ...
(microsoft.public.windowsxp.general)
[Full-Disclosure] STG Security Advisory: [SSA-20030701-03] ChangshinSoft ezTrans Server File Downloa
... Download Vulnerability ... For inappropriate input validation in a file download module of ezTrans ... Server, an attacker can download files accessible to web server privilege. ... Vendor Status: FIXED ...
(Full-Disclosure)
Re: Cross testing exploit with vulnerability scan results
... I have been using Nessus since years now.. ... scanner that might be temporary ... ... remember that vulnerability scanning with an automated scanner is ... else you may download 'bad code'. ...
(Pen-Test)
Re: Help with CWS trojan
... >I am running Windows XP Professional on computer with a dial-up ... (which is where the vulnerability is sometimes said to ... >infection with CWS? ... Download, ...
(microsoft.public.security.virus)
RE: Cross testing exploit with vulnerability scan results
... don't know how to USE nessus properly. ... remember that vulnerability scanning with an automated scanner is ... else you may download 'bad code'. ... vulnerability analysis - not a penetration test. ...
(Pen-Test)