RE: Pentesting lab



Metasploit is a great free tool. That is now owned by a company called
Rapid7 that makes a great free and somewhat expensive security tool called
Nexpose. This is a tool that I use alongside metasploit due to the fact
that it will point out exploits that are readily exploitable with
metasploit. I can even run my scans for vulnerabilities and exploit them
with metasploit autopwn. If the exploits are not available in metasploit I
can look them up via CVE: # and then search the vast number of exploits with
in the Milw0rm database. This doesn't make me a script kiddie it just means
that I don't write my own exploits. I do however have to modify some or
most of the Milw0rm exploit code in order to get a remote shell.


Thank You,
Reginald Wheeler, Owner
A+, Networking+, MCSE 2003
1907 Hampton Dr.
Sandy Springs, GA 30350
Ph:678.615.2997
wheeler90@xxxxxxxxxxx
Universal Systems Consulting LLC
Simplifying IT





-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On
Behalf Of Matt Gardenghi
Sent: Monday, February 15, 2010 3:42 PM
To: woman
Cc: s3c.b3n; pen-test@xxxxxxxxxxxxxxxxx
Subject: Re: Pentesting lab

Um, you just said that Metasploit is a script kiddies tool. Not sure if
your define script kiddies tools as "free" and professional tools as
"expensive," but that statement is ludicrous. Most (all?) pros that I have
ever heard of/met/read use Metasploit. You can't go wrong with it and
frankly, I'd stand it up against Core Impact any day of the week.
The difference is that Core has a better interface.

But, seriously, Metasploit isn't a skiddie tool, it's a powerful tool that
happens to be free.

/rant

On 2/10/2010 5:25 PM, woman wrote:
Hi,

Just keep your expectation on low level when you will tell at the work
interview about that you are using metasploit.
In the real word at the security companies this tool is considered as
tool for kids under age 12.

Additional thing:
Someone here wrote about malware analysis. I don't think that you have
to study both subjects at one time:
One subject is pen-testing and second subject is malware analysis.

For doing pen-testing you have to gain a huge knowledge NETWORKING -->
protocols and relevant RFC , devices; bridges, routers, switches, etc
...
For doing malware analysis you have to know Operating System
infrastructure --> processes, memory, etc ... and of course C and
Assembly

My advise : just leave malware analysis for later time.

-----------
Woman


On Sat, Jan 9, 2010 at 7:20 PM, s3c.b3n<securitybender@xxxxxxxxx> wrote:

This link is really amazing.

Thanks a lot

On Tue, Jan 5, 2010 at 3:32 PM, charles watathi
<charleswatathi@xxxxxxxxx> wrote:

Hi,

For a detailed review of what you can setup when coming up with a
pentesting lab, kindly check the link below. It includes most of the
labs you should setup,security challenges and where you can go and
"train"

http://blog.securitymonks.com/2009/08/23/learning-by-doing-hacker-ch
allenges-and-practice-sites/

Regards
Charles

On 1/4/10, Elliot Fernandes<elliotfernandes@xxxxxxxxx> wrote:

For pentesting windows your setup seems good, but not enough. Try
to get more, like: you'd need to test out attacking SNMP, bruteforcing
SSH, ....
and also have a large wordlist ready for all of this, and generate
some rainbow tables. You'd need these for password attacks.

--- On Mon, 1/4/10, Swaminathan,
Balaji<Balaji.Swaminathan@xxxxxxxxxxxxxx>
wrote:


From: Swaminathan, Balaji<Balaji.Swaminathan@xxxxxxxxxxxxxx>
Subject: RE: Pentesting lab
To: "Elliot Fernandes"<elliotfernandes@xxxxxxxxx>, "s3c.b3n"
<securitybender@xxxxxxxxx>
Cc: pen-test@xxxxxxxxxxxxxxxxx
Date: Monday, January 4, 2010, 5:01 PM

Exactly....I am doing the same thing in addition to running Win
Server 2k3...Backtrack and Metasploit as attacker are good and
flexible to use.
As you mentioned Netbios ports alone, I feel, are not enough...Wat
do you say...? In addition i am installing SQL, SMTP, IIS and etc
and then fine tuning them depending upon the exploit success rate.
Is that fine
or anything more left to be focused?

Thank you for pointing out malware testing.


Regards,

Balaji Swaminathan .M


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx
[mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of Elliot Fernandes
Sent: Monday, January 04, 2010 2:04 AM
To: s3c.b3n
Cc: pen-test@xxxxxxxxxxxxxxxxx
Subject: RE: Pentesting lab

You could run vmware, and install windows xp service pack 2.
service pack 2 is used by most people in the windows world, they
havent completely shifted to vista or windows 7. It's already
running vulnerable services mostly on ports 135,139, and 445 tcp.
You just need
the latest version of metasploit to test it. For analyzing malware
there's a script in python called malware analyzer
http://www.beenuarora.com/code/analyse_malware.py . But you will
need the PE module from google code
http://code.google.com/p/pefile in the same folder. The malware
analyzer is amazingly good for analyzing botnet-binaries and
viruses and such. You'll also need Olly Debug and IDA pro. Have
two VMs ready, one windows for the victim, and linux, preferably
backtrack for the attacker. That should about do. Oh, you could
also have a Honeypot ready to catch exploits from the wild. you
could have them separated from your normal network.




------------------------------------------------------------------
------ This list is sponsored by: Information Assurance
Certification Review Board

Prove to peers and potential employers without a doubt that you
can actually do a proper penetration test. IACRB CPT and CEPT
certs require a full practical examination in order to become
certified.


http://www.iacertification.org
------------------------------------------------------------------
------






-------------------------------------------------------------------
----- This list is sponsored by: Information Assurance
Certification Review Board

Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs
require a full practical examination in order to become certified.

http://www.iacertification.org
-------------------------------------------------------------------
-----






--
s3c b3n

---------------------------------------------------------------------
--- This list is sponsored by: Information Assurance Certification
Review Board

Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs require a
full practical examination in order to become certified.

http://www.iacertification.org
---------------------------------------------------------------------
---



----------------------------------------------------------------------
-- This list is sponsored by: Information Assurance Certification
Review Board

Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs require a
full practical examination in order to become certified.

http://www.iacertification.org
----------------------------------------------------------------------
--



------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually
do a proper penetration test. IACRB CPT and CEPT certs require a full
practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------