Inspirations, captions, ideas and notes.

Article from http://seclists.org/pen-test/2000/Sep/0200.html

I assume you meant the usual network-based penetration test by that.
If you are asked to mess with a client’s pbx/vmb, physical security,
employees, etc… there are other techniques or hardware involved.

Most penetration tests are conducted in two phases: exploration and
exploitation.

I recommend you tailor a software ‘tool suite’ with those as
guidelines. Depending on your style, organizing tools this way may
or may not be efficient.

Below are examples biased towards Unix; perhaps an NT person has
suggestions for that platform.

Exploration and Analysis

– portscanners:
    nmap (www.insecure.org)
– sniffers:
    tcpdump (www.tcpdump.org)
    ngrep (sourceforge.net/projects/ngrep)
    dsniff (www.monkey.org/~dugsong/dsniff)
– vuln scanners:
    vlad (razor.bindview.com/tools/)
    whisker (sourceforge.net/projects/whisker)
– Samba, nbtscan, l0phtcrack & other tools for windows networks
– the inevitable custom code and scripts

Exploitation

– hunt (www.gncz.cz/kra/index.html)
– misc tools (www.ussrback.com, http://www.packetfactory.net)
– whatever is current from packetstorm/ussrlabs/bugtraq/etc.
  for the targets.

This category is dynamic and typically contains unreleased
exploits, in-house code, etc. It’s also the attack phase which
causes most ‘script kiddies’ grief, as it requires a lot of creative
tweaking to avoid detection.

A portable computer and disc with various tools compiled for your platform
of choice is a good starting point for a network penetration kit.
