pen test v2.0

From: Mehmet Buyukozer (mbuyukozer_at_gmx.co.uk)
Date: 09/18/03

  • Next message: Dan Codespoti: "RE: New RPC exploit for the latest RPC vulnerability"
    To: <security-basics@securityfocus.com>
    Date: Thu, 18 Sep 2003 13:24:05 -0700
    
    

    Dear friends;

    i really thank you for your help. Somebody told me that i should search on
    the internet than ask a question in this group. Firstly i wanted to answer
    this question explicitly, i am already doing so. The aim behind asking
    question here was to learn the opinions of experts like you. Secondly i will
    try to explain the situation. Our customer wanted us to scan their computers
    which are open to internet. they wanted to see if some real hackers try to
    hack and what could be the results. So ids or firewall logs don't matter
    very much at first sight. anyway we used:

    Nessus
    AppScan
    Retina
    ISS
    NMAP

    I know something about pen test. I mean i am already familiar with the pen
    test , but wanted to learn deeply. and the answers and links that you gave
    helped really much.

    At the end of our test, we find only the HTTP open to the internet and they
    already patched very well.How did we understand this? we tried many known
    exploits and also add to the reports that some known vulnerabilites but
    havent written an exploit for it, and advice them to follow the patch.
    We used NMAP for OS detection and find they are using W2K with SP2, and IIS
    5.0, at the beginning we couldnt ping but then tried to tracert, we got
    answer and finally we add all these stuff to VA.

    If you have some further question or advice about our survey, i really want
    to hear them.

    Thanx in advance

    ---------------------------------------------------------------------------
    Captus Networks
    Are you prepared for the next Sobig & Blaster?
     - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
     - Precisely Define and Implement Network Security
     - Automatically Control P2P, IM and Spam Traffic
    FIND OUT NOW - FREE Vulnerability Assessment Toolkit
    http://www.captusnetworks.com/ads/42.htm
    ----------------------------------------------------------------------------


  • Next message: Dan Codespoti: "RE: New RPC exploit for the latest RPC vulnerability"