Re: Attack Server



Another good vm for pre-configured web apps is the OWASPBWA (it
includes DVWA). You might check that out.

http://code.google.com/p/owaspbwa/

-Terry


On Wed, Sep 8, 2010 at 9:51 AM, TAS <p0wnsauc3@xxxxxxxxx> wrote:

Hey Kurt,

I end up responding to most of your emails :)

If you are also looking at setting up vulnerable web applications in the lab then have a look at a comprehensive list compiled at

Http://securitythoughts.wordpress.com

TASQ



On Sep 8, 2010, at 20:34, "Kurt M. John" <kurt.md.john@xxxxxxxxx> wrote:

Hey Guys,

I got another one for you. I'm looking to create a combination
attack/testing server. The idea here is to have a server that can
perform remote analysis and attacks (and perform such services as tftp).
The server will also double as a testing server. Ideally I'd like to
have a few VMs on there such as Damn Vulnerable Linux (for training) and
Windows Server 2003 (for fine-tuning attacks before launching it against
client systems).

Currently the server has the following hardware specs: 4gigs of ram and
1TB of space.

If you guys have any suggestions or links/documents which offer a good
setup for what I described that would be great.

Initial software I'm thinking includes:

Windows Server 2003
VMWare Workstation
     Helix
     Backtrack4
     Damn Vulnerable Linux
     Windows XP, 7


Thanks Guys

Kurt M. John, CISA, C|EH, CPT
http://www.applisoft.net





------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------




